Summary
This host is missing a critical security update according to Microsoft Bulletin MS09-019.
Impact
Successful exploitation will let the attacker execute arbitrary codes into the context of the affected system, as a result in view, change, or delete data and can cause denial of service to legitimate users.
Impact Level: System/Application
Solution
Run Windows Update and update the listed hotfixes or download and update mentioned hotfixes in the advisory from the below link, http://technet.microsoft.com/en-us/security/bulletin/MS09-019
Insight
Multiple flaws are due to,
- Scripts may persist across navigations and let a malicious site interact with a site in an arbitrary external domain.
- When application fails to properly enforce the same-origin policy.
- In the way that Internet Explorer caches data and incorrectly allows the cached content to be called, potentially bypassing Internet Explorer domain restriction.
- Error in the way Internet Explorer displays a Web page that contains certain unexpected method calls to HTML objects.
- Error in the way Internet Explorer accesses an object that has not been correctly initialized or has been deleted by specially crafted Web page.
Affected
Microsoft Internet Explorer version 5.x/6.x/7.x/8.x
References
Severity
Classification
-
CVE CVE-2007-3091, CVE-2009-1140, CVE-2009-1141, CVE-2009-1528, CVE-2009-1529, CVE-2009-1530, CVE-2009-1531, CVE-2009-1532 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Internet Information Services (IIS) FTP Service Remote Code Execution Vulnerability (2489256)
- Microsoft .NET Framework Remote Code Execution Vulnerability (2671605)
- Microsoft .NET Framework and Silverlight Remote Code Execution Vulnerability (2604930)
- Microsoft Distributed File System Remote Code Execution Vulnerabilities (2535512)
- Cumulative Security Update for Internet Explorer (969897)