Some vulnerabilities have been reported in Internet Explorer, which can be exploited by malicious people to compromise a user's system.
1) A use-after-free error in mshtml.dll when handling "setExpression()" method calls can be exploited to dereference previously freed memory via a malicious web page containing specially crafted script code.
2) An error within the handling of the "cloneNode()" and "nodeValue()" methods can be exploited to corrupt memory via a malicious web page containing specially crafted script code.
3) An error when handling document objects that have been created, modified, deleted, and are then accessed can be exploited to corrupt memory via a malicious web page containing specially crafted script code.
4) An error when displaying web pages containing certain unexpected method calls to HTML objects can be exploited to corrupt memory.
NOTE: This vulnerability is reportedly being actively exploited.
Successful exploitation of the vulnerabilities allows execution of arbitrary code, e.g. when a user visits a malicious website.
Provided and/or discovered by:
1) Independently discovered by:
* An anonymous person via ZDI.
* Peter Vreugdenhil via iDefense VCP.
2) Reported by Sam Thomas via Zero Day Initiative.
3) Reported by Peter Vreugdenhil via Zero Day Initiative.
4) Reported as a 0-day.
Original Advisory: MS07-069 (KB942615):
Subject: Internet Explorer Multiple Code Execution Vulnerabilities