CERT-In Vulnerability Note CIVN-2007-22
Microsoft Internet Explorer COM Object Instantiation and FTP server Response Parsing Vulnerabilities
Original Issue Date:
February 14, 2007
Severity Rating:
High
Systems Affected
- Microsoft Windows 2000 SP4
- Microsoft Windows XP SP2
- Microsoft Windows XP Professional x64 Edition
- Microsoft Windows Server 2003 and Microsoft Windows Server 2003 SP1
- Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 SP1 for Itanium-based Systems
- Microsoft Windows Server 2003 x64 Edition
Overview
Multiple remote code execution vulnerabilities have been reported in Microsoft Internet Explorer that could be exploited by an attacker to take complete control of the vulnerable system.
Description
1. COM Object Instantiation Memory Corruption Vulnerability
( CVE-2006-4697 )
The vulnerability is caused by an error while instantiating certain COM objects (Imjpcksid.dll and Imjpskdic.dll) that are not intended to be instantiated in Microsoft Internet Explorer.
An attacker could exploit this vulnerability by hosting a specially crafted web site and persuading the user to visit it, typically by getting them to click on a link to the website. Accessing such a web site through Internet Explorer may corrupt system memory, allowing the attacker to execute arbitrary code if the user has logged on to the system with administrative privileges.
2. COM Object Instantiation Memory Corruption Vulnerability
( CVE-2007-0219 )
The vulnerability is caused by an error while instantiating certain COM objects (Msb1fren.dll, Htmlmm.ocx, and Blnmgrps.dll) that are not intended to be instantiated in Microsoft Internet Explorer.
An attacker could exploit this vulnerability by hosting a specially crafted web site and persuading the user to visit it, typically by getting them to click on a link to the website. Accessing such a web site through Internet Explorer may corrupt system memory, allowing the attacker to execute arbitrary code if the user has logged on to the system with administrative privileges.
3. FTP Server Response Parsing Memory Corruption Vulnerability
( CVE-2007-0217 )
The vulnerability is caused by the way Internet Explorer handles FTP server responses. An off-by-one error exists in wininet.dll while parsing the FTP server responses.
An attacker could exploit this vulnerability by hosting a malicious FTP server and persuading a user to visit it, typically by getting them to click on a link to the FTP server. The attacker may send specially crafted FTP responses in an FTP session to the FTP client included in Internet Explorer, which may corrupt system memory, allowing the attacker to execute arbitrary code on the vulnerable system if the user has logged on to the system with administrative privileges.
Workarounds
- Read e-mail messages in plain text format using Outlook 2002 or a later version, or Outlook Express 6 SP1 or a later version
- Configure Internet Explorer to prompt before running ActiveX Controls or disable ActiveX Controls in the Internet and Local intranet security zone.
- Add trusted sites to the Internet Explorer Trusted sites zone.
- Prevent COM objects from running in Internet Explorer
- Set Internet and Local intranet security zone settings to “High” to prompt before running ActiveX Controls and Active Scripting in these zones
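One way to verify the ActiveX workarounds above on a host, as an added example that is not part of the CERT-In note or of Microsoft's bulletin. The CLSID is a placeholder to be replaced with the values listed in MS07-016; the script reads only the machine-wide kill-bit keys and the per-user zone settings, so values enforced through Group Policy are not shown.

```powershell
# Added audit example (read-only). Requires PowerShell 3.0 or later.
# ASSUMPTION: placeholder CLSID; replace with the CLSIDs listed in MS07-016.
$Clsids  = @('{00000000-0000-0000-0000-000000000000}')
$KillBit = 0x400   # "Compatibility Flags" bit that stops IE instantiating the object
$CompatRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    # Registry view used by 32-bit IE on 64-bit Windows
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Test-KillBit {
    param([string]$Root, [string]$Clsid)
    $item  = Get-ItemProperty -LiteralPath "$Root\$Clsid" -ErrorAction SilentlyContinue
    $flags = if ($item) { $item.'Compatibility Flags' } else { $null }
    # A missing key or value means the kill bit is not set.
    ($null -ne $flags) -and (($flags -band $KillBit) -eq $KillBit)
}

# Zone 1 = Local intranet, zone 3 = Internet (per-user settings).
$ZoneRoot = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$Zones    = @{ 1 = 'Local intranet'; 3 = 'Internet' }
$Actions  = @{ '1200' = 'Run ActiveX controls and plug-ins'; '1400' = 'Active scripting' }
$Meaning  = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }

function Get-ZoneActionReport {
    foreach ($zone in $Zones.Keys) {
        $props = Get-ItemProperty -LiteralPath "$ZoneRoot\$zone" -ErrorAction SilentlyContinue
        foreach ($action in $Actions.Keys) {
            $value = if ($props) { $props.$action } else { $null }
            [pscustomobject]@{
                Zone     = $Zones[$zone]
                Setting  = $Actions[$action]
                State    = if ($null -eq $value) { 'Not set' } else { $Meaning[[int]$value] }
                Hardened = $value -in 1, 3   # Prompt or Disabled matches the workaround
            }
        }
    }
}

# Report kill-bit state for every CLSID in both registry views.
foreach ($root in $CompatRoots) {
    foreach ($clsid in $Clsids) {
        [pscustomobject]@{ Root = $root; Clsid = $clsid; KillBitSet = Test-KillBit $root $clsid }
    }
}
Get-ZoneActionReport | Format-Table -AutoSize
```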
Solution
Apply appropriate patches as mentioned in Microsoft Security Bulletin MS07-016
Vendor information
Microsoft
http://www.microsoft.com/technet/security/Bulletin/ms07-016.mspx
References
Microsoft
http://www.microsoft.com/technet/security/Bulletin/MS07-016.mspx
Secunia
http://secunia.com/advisories/24156/
CVE Name
CVE-2006-4697
CVE-2007-0219
CVE-2007-0217
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information

Phone: +91-11-24368572
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003
