|
Internet Explorer Multiple Vulnerabilities
|
|
Secunia Advisory:
|
SA25627
|
|
|
Release Date:
|
2007-06-12
|
|
Last Update:
|
2007-06-14
|
|
Popularity:
|
13,472 views
|
|
|
Critical:
|
 Highly critical
|
|
Impact:
|
Cross Site Scripting Spoofing System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Microsoft Internet Explorer 5.01 Microsoft Internet Explorer 6.x Microsoft Internet Explorer 7.x
|
|
|
Binary Analysis:
|
BA157 :: Available for 1 Credit  BA162 :: Available for 1 Credit  BA163 :: Available for 1 Credit  BA164 :: Available for 1 Credit 
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
|
| CVE reference: | CVE-2007-1750 CVE-2007-1751 CVE-2007-0218 CVE-2007-2222 CVE-2007-3027
|
|
Description: Multiple vulnerabilities have been reported in Internet Explorer, which can be exploited by malicious people to conduct phishing attacks or compromise a user's system.
1) An error within the instantiation of Urlmon.dll COM objects not intended to be instantiated in Internet Explorer can be exploited to corrupt memory.
2) An error in the handling of CSS (Cascading Style Sheet) tags can be exploited to corrupt memory via a specially crafted web page.
3) A race condition when attempting to install multiple language packs can be exploited to corrupt memory via a specially crafted web page.
4) An error in the handling of prototype variables that point to an already deleted table cell can be exploited to corrupt memory via a specially crafted web page.
5) Boundary errors within the ActiveListen (XListen.dll) and ActiveVoice (XVoice.dll) ActiveX controls of Microsoft Speech when handling certain methods or properties (e.g. "FindEngine()") can be exploited to cause stack-based or heap-based buffer overflows when a user visits a malicious website.
Solution: Apply patches.
Internet Explorer 5.01 SP4 on Windows 2000 SP4:
http://www.microsoft.com/downloads/de...=3B49F1ED-ABE3-4DBD-A91D-973415658F6B
Internet Explorer 6 SP1 on Windows 2000 SP4:
http://www.microsoft.com/downloads/de...=5C958650-28D2-4DD0-96A8-DBFE79CE3F68
Internet Explorer 6 for Windows XP SP2:
http://www.microsoft.com/downloads/de...=60FB294E-A8E1-405E-A289-2D2723EDF7EE
Internet Explorer 6 for Windows XP Professional x64 Edition (optionally SP2):
http://www.microsoft.com/downloads/de...=086D6D6E-4703-4C6C-A7AF-B6DAFEEEDE5D
Internet Explorer 6 for Windows Server 2003 SP1/SP2:
http://www.microsoft.com/downloads/de...=7ED19127-5C2D-48E4-A8D1-090DC69FD68B
Internet Explorer 6 for Windows Server 2003 x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/de...=1449EB5D-6E4C-4332-8CB6-AB9EE59C9A95
Internet Explorer 6 for Windows Server 2003 for Itanium-based systems SP1/SP2:
http://www.microsoft.com/downloads/de...=B628A3CC-A70C-478A-A10C-EEE254EE34AB
Internet Explorer 7 for Windows XP SP2:
http://www.microsoft.com/downloads/de...=C2191703-8CBD-4959-9F84-E13F21173926
Internet Explorer 7 for Windows XP Professional x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/de...=69C526B8-8B07-42BC-9BED-E18DEAE21C8E
Internet Explorer 7 for Windows Server 2003 SP1/SP2:
http://www.microsoft.com/downloads/de...=A074D9C0-1FED-4753-845E-073CFCE99F45
Internet Explorer 7 for Windows Server 2003 x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/de...=744ACB43-64DA-48CC-AE69-9386B597EABC
Internet Explorer 7 for Windows Server 2003 for Itanium-based systems SP1/SP2:
http://www.microsoft.com/downloads/de...=069C1560-B5E5-4DFE-A18D-E0507D406028
Internet Explorer 7 for Windows Vista:
http://www.microsoft.com/downloads/de...=77287386-48EB-4AA9-9537-626A3093AAF7
Internet Explorer 7 for Windows Vista x64 Edition:
http://www.microsoft.com/downloads/de...=77287386-48EB-4AA9-9537-626A3093AAF7
Provided and/or discovered by: 1) An anonymous researcher, reported via iDefense Labs.
2) Reported by the vendor.
3) An anonymous researcher and reported via ZDI.
4) Sam Thomas, reported via ZDI.
5) Independently discovered by:
* Will Dormann, CERT/CC
* cocoruder, Fortinet Security Research
Changelog: 2007-06-13: Added additional information from iDefense Labs, ZDI, Fortinet, US-CERT, and rgod. Added additional links.
2007-06-14: Removed information about CVE-2007-1752 as it is already covered by CVE-2007-1499.
Original Advisory: MS07-033 (KB933566):
http://www.microsoft.com/technet/security/Bulletin/MS07-033.mspx
Fortinet:
http://www.fortiguardcenter.com/advisory/FGA-2007-08.html
iDefense Labs:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=542
US-CERT VU#507433:
http://www.kb.cert.org/vuls/id/507433
ZDI:
http://www.zerodayinitiative.com/advisories/ZDI-07-037.html
http://www.zerodayinitiative.com/advisories/ZDI-07-038.html
Other References: SA24535:
http://secunia.com/advisories/24535/
milw0rm:
http://www.milw0rm.com/exploits/4065
http://www.milw0rm.com/exploits/4066
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|