Multiple vulnerabilities have been reported in Internet Explorer, which can be exploited by malicious people to compromise a user's system.

1) An error within the instantiation of the chtskdic.dll COM object not intended to be instantiated in Internet Explorer can be exploited to corrupt memory.

2) An error in the "CTableCol::OnPropertyChange()" function when accessing properties of a table column in a named table row after calls to the "deleteCell()" JavaScript method can be exploited to corrupt memory via a specially crafted web page.

3) An error when calling property methods can be exploited to corrupt memory via a specially crafted web page.

4) Errors within the handling of HTML objects can be exploited to corrupt memory via a specially crafted web page.

5) An error in the handling of HTML objects can be exploited to corrupt memory via a specially crafted web page as a CMarkup object is used in certain cases after it has been freed.

6) An error in the media service component (msauth.dll) can be exploited to rewrite arbitrary files via a specially crafted web page.

Successful exploitation of the vulnerabilities allows execution of arbitrary code.

Solution
Apply patches.
Further details available in Customer Area

Provided and/or discovered by
1) Reported by the vendor.
2) Discovered by an anonymous person and reported via ZDI.
3) Reported by the vendor.
4) Reported by the vendor.
5) JJ Reyes, Secunia Research.
6) cocoruder, Fortinet Security Research.

Changelog
Further details available in Customer Area

Original Advisory
MS07-027 (KB931768):
http://www.microsoft.com/technet/security/Bulletin/MS07-027.mspx

Secunia Research:
http://secunia.com/secunia_research/2007-36/

ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-07-027.html

Fortinet:
http://www.fortiguardcenter.com/advisory/FGA-2007-07.html

Other references
Further details available in Customer Area

Deep Links
Links available in Customer Area