GFI LANguard - Vulnerability scanning and patch management. Download a free trial!

Main Menu

Free Services

Critical Alerts

- 28 May 2008

Adobe Flash Player Unspecified Remote Code Execution Vulnerability

 

- 11 Mar 2008

Microsoft Excel Multiple Remote Code Execution Vulnerabilities

 

- 16 Jan 2008

Microsoft Excel File Handling Remote Arbitrary Code Execution Vulnerability

 

- 13 Dec 2007

JustSystems Ichitaro "JSGCI.DLL" Document Processing Remote Buffer Overflow Vulnerability

 

- 11 Dec 2007

Microsoft Internet Explorer Multiple Remote Memory Corruption Vulnerabilities

 

Advisories » Microsoft Internet Explorer Multiple Remote Memory Corruption Vulnerabilities

 

Release Date: 11/12/2007 Severity: Extremely Critical Extremely Critical
SecWatch Advisory: SWID1019741 Cause: Not specified
Solution Status: Vendor Patch Impact: Execution of arbitrary code
Exploit Status: None Available Access Vector: From remote
 
Affected Software: Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 6.x
Microsoft Internet Explorer 7.x
 
References: FrSIRT/ADV-2007-4184
CVE: CVE-2007-3902 CVE-2007-3903 CVE-2007-5344 CVE-2007-5347
Microsoft: MS07-069
Secunia: SA28036

 

Description:

Multiple vulnerabilities have been reported in Microsoft Internet Explorer, which can be exploited by remote users to compromise an affected users system.

1) Errors exist when Internet Explorer attempts to access an object which has not been initialised or has been deleted, which can be exploited to corrupt memory and execute arbitrary code with SYSTEM privileges.

2) An error exists when Internet Explorer displays a Web page that contains certain unexpected method calls to HTML objects, which can be exploited to corrupt memory and possibly execute arbitrary code.

 

Solution:

The vulnerabilities have been fixed, apply patches:
http://www.microsoft.com/techn...ecurity/Bulletin/MS07-069.mspx

 

Credits:

Peter Vreugdenhil via iDefense VCP, Sam Thomas via Zero Day Initiative and Peter Vreugdenhil via Zero Day Initiative

 

Free Vulnerability Notification Service

Receive free instant and customisable notifications of new vulnerabilities or exploits via e-mail, web or RSS feeds. Click here for more information.

 

Related Vulnerabilities and Exploits

16 Jan 07: Microsoft Internet Explorer VML Remote Buffer Ov.. (MS07-004_exp.html)

09 Jan 07: Microsoft Windows Vector Markup Language Remote Buffer Overflow V..

28 Sep 06: Microsoft Internet Explorer WebViewFolderIcon set.. (MS_setSlice.html)

28 Sep 06: Microsoft Internet Explorer WebViewFolderIcon .. (WebView_SetSlice.pm)

28 Sep 06: Microsoft Internet Explorer "WebViewFolderIcon" Integer Overflow ..

[more ...]