Microsoft Windows Vector Markup Language Buffer Overflow

Secunia Advisory: SA26409
Release Date: 2007-08-14
Last Update: 2007-08-15
Criticality: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
OS: Microsoft Windows 2000 Advanced Server, Microsoft Windows 2000 Datacenter Server, Microsoft Windows 2000 Professional, Microsoft Windows 2000 Server, Microsoft Windows Server 2003 Datacenter Edition, Microsoft Windows Server 2003 Enterprise Edition, Microsoft Windows Server 2003 Standard Edition, Microsoft Windows Server 2003 Web Edition, Microsoft Windows Storage Server 2003, Microsoft Windows Vista, Microsoft Windows XP Home Edition, Microsoft Windows XP Professional
Software: Microsoft Internet Explorer 5.01, Microsoft Internet Explorer 6.x, Microsoft Internet Explorer 7.x
CVE reference: CVE-2007-1749
Description: A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused by an integer underflow in the Vector Markup Language (VML) implementation (vgx.dll) when processing content referenced from VML. This can be exploited to cause a heap-based buffer overflow when a user, for example, visits a malicious website using Internet Explorer.
Successful exploitation may allow execution of arbitrary code.
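The bug class described above (an unsigned length that wraps below zero and then sizes a heap copy), as an added C illustration that is not part of the Secunia advisory and is not code from vgx.dll. The record layout, HDR_LEN and both function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_LEN 8u  /* hypothetical fixed header size, counted in the declared length */

/* Unchecked arithmetic: the payload length a naive parser would derive.
   Wraps to a value near 4 GiB when declared_len < HDR_LEN. */
uint32_t naive_payload_len(uint32_t declared_len)
{
    return declared_len - HDR_LEN;
}

/* Hardened parse: validates the declared length against the header size,
   the bytes actually present and the destination capacity before copying.
   Returns the number of payload bytes copied, or -1 if the record is rejected. */
long checked_copy_payload(const uint8_t *rec, size_t rec_avail,
                          uint8_t *dst, size_t dst_cap)
{
    uint32_t declared_len;
    size_t payload_len;

    if (rec == NULL || dst == NULL || rec_avail < HDR_LEN) return -1;
    memcpy(&declared_len, rec, sizeof declared_len);  /* host-endian for brevity */
    if (declared_len < HDR_LEN) return -1;            /* subtraction would underflow */
    if (declared_len > rec_avail) return -1;          /* claims more than was received */
    payload_len = declared_len - HDR_LEN;
    if (payload_len > dst_cap) return -1;             /* would overrun the heap buffer */
    memcpy(dst, rec + HDR_LEN, payload_len);
    return (long)payload_len;
}

int main(void)
{
    /* Constructed sample: declared length 4 is smaller than the 8-byte header. */
    uint8_t rec[16] = {0}, dst[8];
    uint32_t bad = 4;

    memcpy(rec, &bad, sizeof bad);
    printf("naive length:   %u\n", (unsigned)naive_payload_len(bad));
    printf("checked result: %ld\n",
           checked_copy_payload(rec, sizeof rec, dst, sizeof dst));
    return 0;
}
```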
Solution: Apply the patches.
Internet Explorer 5.01 SP4 for Windows 2000 SP4:
http://www.microsoft.com/downloads/de...=31E63D6F-B6B7-41D7-8AE6-DD7FCF89D477
Internet Explorer 6 SP1 for Windows 2000 SP4:
http://www.microsoft.com/downloads/de...=7099D33A-0EF6-423F-824E-757482517612
Internet Explorer 6 for Windows XP SP2:
http://www.microsoft.com/downloads/de...=4447D74F-09EA-4BE0-9DAE-C243CE657FB7
Internet Explorer 6 for Windows XP Professional x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/de...=98CCD207-F4D0-4625-AEAB-0EBF1643A5FD
Internet Explorer 6 for Windows Server 2003 SP1/SP2:
http://www.microsoft.com/downloads/de...=463535AA-E04E-4A30-B3AB-8CD6D8CDD13C
Internet Explorer 6 for Windows Server 2003 x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/de...=9D4375D4-FB9B-4771-BD6F-E5D23EEDBC6B
Internet Explorer 6 for Windows Server 2003 for Itanium-based systems SP1/SP2:
http://www.microsoft.com/downloads/de...=C7BE313B-3405-42E1-9E4B-0CB6BF3D2CB1
Internet Explorer 7 for Windows XP SP2:
http://www.microsoft.com/downloads/de...=9F5DA816-194C-478E-8A96-9421A0C52C9F
Internet Explorer 7 for Windows XP Professional x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/de...=1C3168A9-D959-4137-868A-EC70DA737C21
Internet Explorer 7 for Windows Server 2003 SP1/SP2:
http://www.microsoft.com/downloads/de...=59884E97-4912-4A9A-8A31-8182EA2D24DB
Internet Explorer 7 for Windows Server 2003 x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/de...=42060E27-DE14-4D0C-92A0-138CB57FE2B5
Internet Explorer 7 for Windows Server 2003 with SP1/SP2 for Itanium-based systems:
http://www.microsoft.com/downloads/de...=A536206E-9D1B-49A8-81A1-53D46F2DE973
Internet Explorer 7 for Windows Vista:
http://www.microsoft.com/downloads/de...=2DD908A4-6152-4976-AAAA-01F5F37C9143
Internet Explorer 7 for Windows Vista x64 Edition:
http://www.microsoft.com/downloads/de...=592435BC-1D43-4544-BD8A-4A2D829DC1A1
Reported and/or discovered by: Derek Soeder, eEye Digital Security.
Changelog: 2007-08-15: Added link to US-CERT and additional information from eEye Digital Security.
Original Advisory: MS07-050 (KB938127):
http://www.microsoft.com/technet/security/Bulletin/MS07-050.mspx
eEye Digital Security:
http://research.eeye.com/html/advisories/published/AD20070814a.html
Other References: US-CERT VU#468800:
http://www.kb.cert.org/vuls/id/468800
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.