Multiple vulnerabilities have been reported in Internet Explorer, which can be exploited by malicious people to conduct phishing attacks or compromise a user's system.
1) An error within the instantiation of Urlmon.dll COM objects not intended to be instantiated in Internet Explorer can be exploited to corrupt memory.
2) An error in the handling of CSS (Cascading Style Sheet) tags can be exploited to corrupt memory via a specially crafted web page.
3) A race condition when attempting to install multiple language packs can be exploited to corrupt memory via a specially crafted web page.
4) An error in the handling of prototype variables that point to an already deleted table cell can be exploited to corrupt memory via a specially crafted web page.
5) Boundary errors within the ActiveListen (XListen.dll) and ActiveVoice (XVoice.dll) ActiveX controls of Microsoft Speech when handling certain methods or properties (e.g. "FindEngine()") can be exploited to cause stack-based or heap-based buffer overflows when a user visits a malicious website.
Provided and/or discovered by: 1) An anonymous researcher, reported via iDefense Labs.
2) Reported by the vendor.
3) An anonymous researcher and reported via ZDI.
4) Sam Thomas, reported via ZDI.
5) Independently discovered by:
* Will Dormann, CERT/CC
* cocoruder, Fortinet Security Research
Original Advisory: MS07-033 (KB933566):
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org
Subject: Internet Explorer Multiple Vulnerabilities
No posts yet
You must be logged in to post a comment.
Secunia Customer Login
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.