KB950759

UpdatesDescription: This security update resolves one privately reported and one publicly disclosed vulnerability. The privately reported vulnerability could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. The publicly disclosed vulnerability could allow information disclosure if a user viewed a specially crafted Web page using Internet Explorer. The security update addresses these vulnerabilities by modifying the way that Internet Explorer handles calls to HTML objects and validates data.

Update type: Critical

Release date: June 10, 2008

Applies to: All

Knowledge base: http://support.microsoft.com/kb/KB950759

Download link: 32-bit | 64-bit

Comments: Here are the specifics on the vulnerabilities covered by this update:

  • HTML Objects Memory Corruption Vulnerability – CVE-2008-1442
  • Request Header Cross-Domain Information Disclosure Vulnerability – CVE-2008-1544

One Reply to “KB950759”

  1. I have pushed this patch along with IE7 and got several VB errors with hexadecimal numbers like &H&000405 (unspecified error). The client machines are Windows XPSP2 with IE7 removed and restored back to IE6 for some project requirements.

Leave a Reply