HOME > Security Info
| No. | Title | Date | ||
|---|---|---|---|---|
| 37 | Microsoft Security Bulletin MS10-018 - Critical | 03/31/10 |
1. Summary
This security update resolves nine privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer.
This security update also addresses the vulnerability first described in Microsoft Security Advisory 981374.
[Related Vulnerabilities]
- Uninitialized Memory Corruption Vulnerability - CVE-2010-0267
- Post Encoding Information Disclosure Vulnerability - CVE-2010-0488
- Race Condition Memory Corruption Vulnerability - CVE-2010-0489
- Uninitialized Memory Corruption Vulnerability - CVE-2010-0490
- HTML Object Memory Corruption Vulnerability - CVE-2010-0491
- HTML Object Memory Corruption Vulnerability - CVE-2010-0492
- HTML Element Cross-Domain Vulnerability - CVE-2010-0494
- Memory Corruption Vulnerability - CVE-2010-0805
- Uninitialized Memory Corruption Vulnerability - CVE-2010-0806
- HTML Rendering Memory Corruption Vulnerability - CVE-2010-0807
2. Affected Software
- Internet Explorer 5.01 SP4 on Microsoft Windows 2000 SP4
- Internet Explorer 6 SP1 on Microsoft Windows 2000 SP4
- Internet Explorer 6 on Windows XP SP2, SP3
- Internet Explorer 6 on Windows XP Professional x64 Edition SP2
- Internet Explorer 6 on Windows Server 2003 SP2
- Internet Explorer 6 on Windows Server 2003 x64 Edition SP2
- Internet Explorer 6 on Windows Server 2003 SP2 for Itanium-based Systems
- Internet Explorer 7 on Windows XP SP2, SP3
- Internet Explorer 7 on Windows XP Professional x64 Edition SP2
- Internet Explorer 7 on Windows Server 2003 SP2
- Internet Explorer 7 on Windows Server 2003 x64 Edition SP2
- Internet Explorer 7 on Windows Server 2003 SP2 for Itanium-based Systems
- Internet Explorer 7 on Windows Vista, SP1, SP2
- Internet Explorer 7 on Windows Vista x64 Edition, SP1, SP2
- Internet Explorer 7 on Windows Server 2008 for 32-bit Systems, SP2
- Internet Explorer 7 on Windows Server 2008 for x64-based Systems, SP2
- Internet Explorer 7 on Windows Server 2008 for Itanium-based Systems, SP2
- Internet Explorer 8 on Windows XP SP2, SP3
- Internet Explorer 8 on Windows XP Professional x64 Edition SP2
- Internet Explorer 8 on Windows Server 2003 SP2
- Internet Explorer 8 on Windows Server 2003 x64 Edition SP2
- Internet Explorer 8 on Windows Vista, SP1, SP2
- Internet Explorer 8 on Windows Vista x64 Edition, SP1, SP2
- Internet Explorer 8 on Windows Server 2008 for 32-bit Systems, SP2
- Internet Explorer 8 on Windows Server 2008 for x64-based Systems, SP2
- Internet Explorer 8 on Windows Server 2008 for Itanium-based Systems, SP2
- Internet Explorer 8 on Windows 7 for 32-bit Systems
- Internet Explorer 8 on Windows 7 for x64-based Systems
3. Solution
Apply the latest MS security patches for system.
4. Link
http://www.microsoft.com/technet/security/bulletin/ms10-018.mspx
http://www.microsoft.com/technet/security/advisory/981374.mspx
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0806
This security update resolves nine privately reported vulnerabilities and one publicly disclosed vulnerability in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted Web page using Internet Explorer.
This security update also addresses the vulnerability first described in Microsoft Security Advisory 981374.
[Related Vulnerabilities]
- Uninitialized Memory Corruption Vulnerability - CVE-2010-0267
- Post Encoding Information Disclosure Vulnerability - CVE-2010-0488
- Race Condition Memory Corruption Vulnerability - CVE-2010-0489
- Uninitialized Memory Corruption Vulnerability - CVE-2010-0490
- HTML Object Memory Corruption Vulnerability - CVE-2010-0491
- HTML Object Memory Corruption Vulnerability - CVE-2010-0492
- HTML Element Cross-Domain Vulnerability - CVE-2010-0494
- Memory Corruption Vulnerability - CVE-2010-0805
- Uninitialized Memory Corruption Vulnerability - CVE-2010-0806
- HTML Rendering Memory Corruption Vulnerability - CVE-2010-0807
2. Affected Software
- Internet Explorer 5.01 SP4 on Microsoft Windows 2000 SP4
- Internet Explorer 6 SP1 on Microsoft Windows 2000 SP4
- Internet Explorer 6 on Windows XP SP2, SP3
- Internet Explorer 6 on Windows XP Professional x64 Edition SP2
- Internet Explorer 6 on Windows Server 2003 SP2
- Internet Explorer 6 on Windows Server 2003 x64 Edition SP2
- Internet Explorer 6 on Windows Server 2003 SP2 for Itanium-based Systems
- Internet Explorer 7 on Windows XP SP2, SP3
- Internet Explorer 7 on Windows XP Professional x64 Edition SP2
- Internet Explorer 7 on Windows Server 2003 SP2
- Internet Explorer 7 on Windows Server 2003 x64 Edition SP2
- Internet Explorer 7 on Windows Server 2003 SP2 for Itanium-based Systems
- Internet Explorer 7 on Windows Vista, SP1, SP2
- Internet Explorer 7 on Windows Vista x64 Edition, SP1, SP2
- Internet Explorer 7 on Windows Server 2008 for 32-bit Systems, SP2
- Internet Explorer 7 on Windows Server 2008 for x64-based Systems, SP2
- Internet Explorer 7 on Windows Server 2008 for Itanium-based Systems, SP2
- Internet Explorer 8 on Windows XP SP2, SP3
- Internet Explorer 8 on Windows XP Professional x64 Edition SP2
- Internet Explorer 8 on Windows Server 2003 SP2
- Internet Explorer 8 on Windows Server 2003 x64 Edition SP2
- Internet Explorer 8 on Windows Vista, SP1, SP2
- Internet Explorer 8 on Windows Vista x64 Edition, SP1, SP2
- Internet Explorer 8 on Windows Server 2008 for 32-bit Systems, SP2
- Internet Explorer 8 on Windows Server 2008 for x64-based Systems, SP2
- Internet Explorer 8 on Windows Server 2008 for Itanium-based Systems, SP2
- Internet Explorer 8 on Windows 7 for 32-bit Systems
- Internet Explorer 8 on Windows 7 for x64-based Systems
3. Solution
Apply the latest MS security patches for system.
4. Link
http://www.microsoft.com/technet/security/bulletin/ms10-018.mspx
http://www.microsoft.com/technet/security/advisory/981374.mspx
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0806
