Microsoft Security Bulletin MS06-042

Microsoft Security Bulletin MS06-042
Cumulative Security Update for Internet Explorer (918899)
Published: August 8, 2006 | Updated: November 8, 2006

Version: 3.1

Summary
Who should read this document: Customers who use Microsoft Windows

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

Recommendation: Customers should apply the update immediately.

Security Update Replacement: This bulletin replaces several prior security updates. See the frequently asked questions (FAQ) section of this bulletin for the complete list.

Caveats: On September 12, 2006, this Security Bulletin and Internet Explorer 6 Service Pack 1, Internet Explorer 5.01 Service Pack 4, and Internet Explorer 6 for Microsoft Windows Server 2003 security updates were updated to address a vulnerability documented in the Vulnerability Details section as Long URL Buffer Overflow – CVE-2006-3873. Customers using these versions of Internet Explorer should apply the new update immediately.

On August 24, 2006 this Security Bulletin and the Internet Explorer 6 Service Pack 1 security updates were updated to address an issue documented in Microsoft Knowledge Base Article 923762. This issue may lead to an additional buffer overrun condition only affecting Internet Explorer 6 Service Pack 1 customers that have applied the original version of that update released August 8th, 2006. The security issue is documented in the Vulnerability Details section as Long URL Buffer Overflow – CVE-2006-3869. Internet Explorer 6 Service Pack 1 Customers should apply the new update immediately.

Microsoft Knowledge Base Article 918899 documents this and any other currently known issues that customers may experience when they install this security update. The article also documents recommended solutions for these issues. For more information, see Microsoft Knowledge Base Article 918899.

Tested Software and Security Update Download Locations:

Affected Software:

• Microsoft Windows 2000 Service Pack 4

• Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2

• Microsoft Windows XP Professional x64 Edition

• Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1

• Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems

• Microsoft Windows Server 2003 x64 Edition


Tested Microsoft Windows Components:

Affected Components:

• Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4 — Download the update

• Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4 or on Microsoft Windows XP Service Pack 1 — Download the update

• Internet Explorer 6 for Microsoft Windows XP Service Pack 2 — Download the update

• Internet Explorer 6 for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1 — Download the update

• Internet Explorer 6 for Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems — Download the update

• Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition — Download the update

• Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition — Download the update


The software in this list has been tested to determine whether the versions are affected. Other versions either no longer include security update support or may not be affected. To determine the support life cycle for your product and version, visit the Microsoft Support Lifecycle Web site.

Note The security updates for Microsoft Windows Server 2003, Windows Server 2003 Service Pack 1, and Windows Server 2003 x64 Edition also apply to Windows Server 2003 R2.

http://www.microsoft.com/technet/security/bulletin/ms06-042.mspx