Microsoft Internet Explorer (IE) contains multiple vulnerabilities, the most serious of which could allow a remote attacker to execute arbitrary code with the privileges of the user running IE.

Note: (2003-09-09) The patch provided by MS03-032 does not completely resolve the vulnerability described in VU#865940.

I. Description

Microsoft Security Bulletin MS03-032 describes five vulnerabilities in Internet Explorer. These vulnerabilities are listed below. More detailed information is available in the individual vulnerability notes. Note that in addition to IE, any applications that use the IE HTML rendering engine to interpret HTML documents may present additional attack vectors for these vulnerabilities.

VU#205148 - Microsoft Internet Explorer does not properly evaluate Content-Type and Content-Disposition headers

A cross-domain scripting vulnerability exists in the way IE evaluates Content-Type and Content-Disposition headers and checks for files in the local browser cache. This vulnerability could allow a remote attacker to execute arbitrary script in a different domain, including the Local Machine Zone.
(Other resources: SNS Advisory No.67, CAN-2003-0531)

VU#865940 - Microsoft Internet Explorer does not properly evaluate "application/hta" MIME type referenced by DATA attribute of OBJECT element

IE will execute an HTML Application (HTA) referenced by the DATA attribute of an OBJECT element if the Content-Type header returned by the web server is set to "application/hta". An attacker could exploit this vulnerability to execute arbitrary code with the privileges of the user running IE.
(Other resources: eEye Digital Security Advisory AD20030820, CAN-2003-0532)

VU#548964 - Microsoft Windows BR549.DLL ActiveX control contains vulnerability

The Microsoft Windows BR549.DLL ActiveX control, which provides support for the Windows Reporting Tool, contains an unknown vulnerability. The impact of this vulnerability is not known.

VU#813208 - Microsoft Internet Explorer does not properly render an input type tag

IE does not properly render an input type tag, allowing a remote attacker to cause a denial of service.

VU#334928 - Microsoft Internet Explorer contains buffer overflow in Type attribute of OBJECT element on double-byte character set systems

Certain versions of IE that support double-byte character sets (DBCS) contain a buffer overflow vulnerability in the Type attribute of the OBJECT element. A remote attacker could execute arbitrary code with the privileges of the user running IE.
(Other resources: SNS Advisory No.68, Microsoft Security Bulletin MS03-020, CAN-2003-0344)
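
Because VU#865940 is triggered by the Content-Type header the server returns, a proxy or a review of captured traffic can flag any response that declares "application/hta". The following is an added example, not part of the original advisory or of any vendor's code; the function names and the sample URLs and responses are constructed for illustration.

```python
HTA_TYPE = "application/hta"

def content_types(raw_response: str) -> list[str]:
    """Return every Content-Type media type in a raw HTTP response head."""
    lines = raw_response.replace("\r\n", "\n").split("\n")
    types = []
    for line in lines[1:]:            # lines[0] is the status line
        if not line:                  # blank line ends the header block
            break
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "content-type":
            # Drop parameters such as "; charset=..." and normalise case.
            types.append(value.split(";", 1)[0].strip().lower())
    return types

def flag_hta(responses):
    """Return (url, reason) pairs for responses a filter should alert on."""
    findings = []
    for url, raw in responses:
        types = content_types(raw)
        if HTA_TYPE not in types:
            continue
        reason = "declares application/hta"
        if len(set(types)) > 1:
            reason += " among conflicting Content-Type headers"
        elif not url.lower().split("?", 1)[0].endswith(".hta"):
            reason += " for a URL without .hta extension"
        findings.append((url, reason))
    return findings

# Constructed sample traffic (hypothetical hosts and paths).
SAMPLES = [
    ("http://example.test/page.html",
     "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"),
    ("http://example.test/readme.txt",
     "HTTP/1.1 200 OK\r\ncontent-type: Application/HTA; charset=utf-8\r\n\r\n"),
    ("http://example.test/app.hta",
     "HTTP/1.1 200 OK\r\nContent-Type: application/hta\r\n\r\n"),
    ("http://example.test/img.png",
     "HTTP/1.1 200 OK\r\nContent-Type: image/png\r\n"
     "Content-Type: application/hta\r\n\r\n"),
]

if __name__ == "__main__":
    for url, reason in flag_hta(SAMPLES):
        print(f"ALERT {url}: {reason}")
```

The check matches on the declared media type rather than the file name, so it also catches responses whose URL gives no hint that an HTA is being served.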