Security 10808 Published by

Microsoft has released another Cumulative Patch for Internet Explorer



This is a cumulative patch that includes the functionality of all previously released patches for Internet Explorer 5.01, 5.5 and 6.0. In addition, it eliminates the following newly discovered vulnerabilities:

A vulnerability that occurs because Internet Explorer does not properly determine an object type returned from a Web server in a popup window. It could be possible for an attacker who exploited thisvulnerability to run arbitrary code on a user's system. If a user visited an attacker's Web site, it would be possible for the attackerto exploit this vulnerability without any other user action. An attacker could also craft an HTML-based e-mail that would attempt to exploit this vulnerability.

A vulnerability that occurs because Internet Explorer does not properly determine an object type returned from a Web server during XML data binding. It could be possible for an attacker who exploited this vulnerability to run arbitrary code on a user's system. If a user visited an attacker's Web site, it would be possible for the attacker to exploit this vulnerability without any other user action.An attacker could also craft an HTML-based e-mail that would attempt to exploit this vulnerability.
Read more