[Microsoft Alert] Microsoft Security Bulletin MS06-013

Cumulative Security Update for Internet Explorer (912812)

Issued: April 11, 2006

Version: 1.0

 

Summary

Who should read this document: Customers who use Microsoft

Windows

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Recommendation: Customers should apply the update immediately.

Security Update Replacement: This bulletin replaces a prior security update. See the frequently asked questions (FAQ) section of this bulletin for the complete list.

 

Vulnerability Details:

A remote code execution vulnerability exists in the way Internet

Explorer displays a Web page that contains certain unexpected

method calls to HTML objects. As a result, system memory may be

corrupted in such a way that an attacker could execute arbitrary code if

a user visited a malicious Web site. An attacker who successfully

exploited this vulnerability could take complete control of an affected

system.

 

Affected Software:

Microsoft Windows 2000 Service Pack 4

Microsoft Windows XP Service Pack 1 and Microsoft Windows XP

Service Pack 2

Microsoft Windows XP Professional x64 Edition

Microsoft Windows Server 2003 and Microsoft Windows Server 2003

Service Pack 1

Microsoft Windows Server 2003 for Itanium-based Systems and

Microsoft Windows Server 2003 with Service Pack 1 for Itanium-based

Systems

Microsoft Windows Server 2003 x64 Edition family

Microsoft Windows 98, Microsoft Windows 98 Second Edition (SE),

and Microsoft Windows Millennium Edition (ME) – Review the FAQ

section of this bulletin for details about these operating systems.

 

Note The security updates for Microsoft Windows Server 2003,

Microsoft Windows Server 2003 Service Pack 1, and Microsoft

Windows Server 2003 x64 Edition also apply to Microsoft Windows

Server 2003 R2.

 

 

 

References: http://www.microsoft.com/security/bulletins/current.mspx (Microsoft Security Updates)

---