CERT-In Vulnerability Note CIVN-2007-157
Internet Explorer Multiple Code Execution Vulnerabilities

Original Issue Date: December 12, 2007

Severity Rating: High


Systems Affected

•  Microsoft Windows 2000 Service Pack 4
•  Windows XP Service Pack 2
•  Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
•  Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
•  Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
•  Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
•  Windows Vista
•  Windows Vista x64 Edition

Software Affected

• Microsoft Internet Explorer 5.01
• Microsoft Internet Explorer 6.x
• Microsoft Internet Explorer 7.x

Overview

Multiple vulnerabilities have been reported in Internet Explorer. An attacker could exploit these vulnerabilities to execute arbitrary code and take control of the affected system in the context of the logged-in user.

Description

Multiple vulnerabilities have been identified in Internet Explorer, caused by memory corruption errors when handling uninitialized or deleted objects, or when processing unexpected method calls to HTML objects. Remote attackers could exploit these vulnerabilities by tricking a user into visiting a malicious web page or HTML page, causing a denial of service or taking complete control of an affected system.

Solution

Apply the appropriate patches as mentioned in Microsoft Security Bulletin MS07-069.

Vendor Information

Microsoft
http://www.microsoft.com/technet/security/bulletin/ms07-069.mspx

References

FrSIRT
http://www.frsirt.com/english/advisories/2007/4184

SecurityTracker
http://securitytracker.com/alerts/2007/Dec/1019078.html

Secunia
http://secunia.com/advisories/28036/

CVE Name
CVE-2007-3902
CVE-2007-3903
CVE-2007-5344
CVE-2007-5347

Disclaimer

The information provided herein is on an "as is" basis, without warranty of any kind.

Contact Information


Phone: +91-11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003