CERTA-2003-AVI-184
Vulnerability from certfr_avis

Microsoft has released a cumulative patch for Internet Explorer.

Description

  • Three vulnerabilities make it possible to bypass the isolation enforced by security zones in Internet Explorer (CVE CAN-2003-0814; CVE CAN-2003-815; CVE CAN-2003-816).
  • A vulnerability in the handling of XML objects allows the author of a suitably crafted website to read local files belonging to the user of the target machine (CVE CAN-2003-817).
  • A vulnerability in download verification from a DHTML page allows a site author to perform a download onto the target machine without the user being informed by a dialog box (CVE CAN-2003-0823).

Solution

Apply the vendor's patch:

http://www.microsoft.com/technet/security/bulletin/MS03-048.asp
Impacted products

| Vendor | Product | Description |
|---|---|---|
| Microsoft | N/A | Internet Explorer 6 Service |
| N/A | N/A | Internet Explorer 6 Service Pack 1 |
| Microsoft | Windows | Internet Explorer 6 Service Pack 1 Windows Server 2003 (64-bit Edition) |
| N/A | N/A | Internet Explorer 5.5 Service Pack 2 |
| Microsoft | N/A | Internet Explorer 5.01 Service Pack 3 |
| Microsoft | N/A | Internet Explorer 6 Service Pack 1 (64-bit Edition) |
| Microsoft | N/A | Internet Explorer 5.01 Service Pack 4 |
| Microsoft | N/A | Internet Explorer 5.01 Service Pack 2 |
| Microsoft | Windows | Internet Explorer 6 Service Pack 1 Windows Server 2003 |

References
Microsoft Bulletin MS03-048 (vendor-advisory)



{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Internet Explorer 6 Service ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 6 Service Pack 1 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 6 Service Pack 1 Windows Server 2003 (64-bit Edition) ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 5.5 Service Pack 2 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 5.01 Service Pack 3 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 6 Service Pack 1 (64-bit Edition) ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 5.01 Service Pack 4 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 5.01 Service Pack 2.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 6 Service Pack 1 Windows Server 2003 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\n-   3 vuln\u00e9rabilit\u00e9s permettent de contourner le cloisonnement mis en\n    place au moyen des zones de s\u00e9curit\u00e9 au niveau d\u0027Internet Explorer\n    (CVE CAN-2003-0814 ; CVE CAN-2003-815 ; CVE CAN-2003-816).\n-   Une vuln\u00e9rabilit\u00e9 dans le traitement des objets XML permet \u00e0 un\n    concepteur d\u0027un site web judicieusement compos\u00e9 de lire les fichiers\n    locaux de l\u0027utilisateur de la machine cible (CVE CAN-2003-817).\n-   Une vuln\u00e9rabilit\u00e9 dans la v\u00e9rification de t\u00e9l\u00e9chargement depuis une\n    page DHTML permet \u00e0 un concepteur de site d\u0027effectuer un\n    t\u00e9l\u00e9chargement sur la machine cible sans que l\u0027utilisateur en soit\n    inform\u00e9 par une boite de dialogue (CVE CAN-2003-0823).\n\n## Solution\n\nAppliquer le correctif de l\u0027\u00e9diteur :\n\n    http://www.microsoft.com/technet/security/bulletin/MS03-048.asp\n",
  "cves": [],
  "initial_release_date": "2003-11-12T00:00:00",
  "last_revision_date": "2003-11-12T00:00:00",
  "links": [],
  "reference": "CERTA-2003-AVI-184",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2003-11-12T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "Acc\u00e8s aux donn\u00e9es utilisateur"
    }
  ],
  "summary": "Un correctif cumulatif pour Internet Explorer a \u00e9t\u00e9 r\u00e9alis\u00e9 par\nMicrosoft.\n",
  "title": "Correctif cumulatif pour Internet Explorer",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin Microsoft MS03-048",
      "url": null
    }
  ]
}

