The security vulnerabilities in Microsoft's flagship Internet Explorer (IE) browser could allow an attacker to execute arbitrary code on a user's system if the user either browsed to a hostile Web site or opened a specially crafted HTML email message, the company warned.
On a day when it also warned of a "critical" hole in its Outlook Express e-mail client, the company issued a cumulative patch was issued for Internet Explorer versions 5.01 through 6.0 and includes the functionality of all previously released patches for the browser.
The first flaw a buffer overrun vulnerability in URLMON.DLL occurs because the browser does not correctly check the parameters of information being received from a Web server. This leaves the door open for an attacker to take control of a susceptible system by luring the user to visit a Website.
Microsoft said a flaw in the Internet Explorer file upload control could let an attacker supply a file name to the file upload control and automatically upload a file from the user's system to a web server.
The browser also contains a separate flaw in the way it handles the rendering of third party files. "The vulnerability results because the Internet Explorer method for rendering third party file types does not properly check parameters passed to it. An attacker could create a specially formed URL that would inject script during the rendering of a third party file format and cause the script to execute in the security context of the user," Microsoft added.
The last hole was found in the way modal dialogs are treated by IE. This flaw could be used by an attacker to gain access to files stored on a user's computer.
In addition to correcting those four flaws, Microsoft said the patch also includes a fix for Internet Explorer 6.0 SP1 that corrects the method by which the browser displays help information in the local computer zone.
The patch also sets the 'Kill Bit' on the Plugin.ocx ActiveX control which has a security vulnerability.
Microsoft cautioned that the patch will cause window.showHelp( ) to cease to function if a user does not apply the HTML Help update. "If you have installed the updated HTML Help control from Knowledge Base article 811830, you will still be able to use HTML Help functionality after applying this patch," the company noted.
Separately, the software giant tagged the maximum severity rating on a cumulative patch for Outlook Express versions 5.5 through 6.0 to fix a flaw that could allow an intruder to take over a user's machine.
To exploit the vulnerability, attacker would have to be able to cause Windows to open a specially constructed MHTML URL, either on a web site or included in an HTML email message.
Adapted from internetnews.com.