Multiple vulnerabilities have been identified in Microsoft Internet Explorer, which could be exploited by attackers to take complete control of an affected system.
The first issue is due to a memory corruption error when instantiating the "Imjpcksid.dll" COM object as an ActiveX control, which could be exploited by remote attackers to execute arbitrary commands by tricking a user into visiting a specially crafted web page.
The second vulnerability is due to a memory corruption error when instantiating the "Msb1fren.dll", "Htmlmm.ocx" or "Blnmgrps.dll" objects as ActiveX controls, which could be exploited by remote attackers to execute arbitrary commands by tricking a user into visiting a specially crafted web page.
The third issue is due to a memory corruption error when processing specially crafted FTP responses, which could be exploited by remote attackers to execute arbitrary commands by tricking a user into visiting a specially crafted web page.
Affected Products
Microsoft Internet Explorer 5.01 Service Pack 4 on Windows 2000 Service Pack 4 Microsoft Internet Explorer 6 Service Pack 1 on Windows 2000 Service Pack 4 Microsoft Internet Explorer 6 for Windows XP Service Pack 2 Microsoft Internet Explorer 6 for Windows XP Professional x64 Edition Microsoft Internet Explorer 6 for Windows Server 2003 Microsoft Internet Explorer 6 for Windows Server 2003 SP1 Microsoft Internet Explorer 6 for Windows Server 2003 (Itanium) Microsoft Internet Explorer 6 for Windows Server 2003 SP1 (Itanium) Microsoft Internet Explorer 6 for Windows Server 2003 x64 Edition Microsoft Windows Internet Explorer 7 for Windows XP Service Pack 2 Microsoft Windows Internet Explorer 7 for Windows XP Professional x64 Edition Microsoft Windows Internet Explorer 7 for Windows Server 2003 Service Pack 1 Microsoft Windows Internet Explorer 7 for Windows Server 2003 SP1 (Itanium) Microsoft Windows Internet Explorer 7 for Windows Server 2003 x64 Edition
