CERT-In Vulnerability Note
CIVN-2007-0131
Multiple Vulnerabilities in Microsoft IE could Allow Remote Code Execution
Original Issue Date: October 10, 2007
Severity Rating: HIGH
Systems Affected
Microsoft Windows 2000 Service Pack 4
Windows XP Service Pack 2
Windows XP Professional x64 Edition
Windows XP Professional x64 Edition Service Pack 2
Windows Server 2003 Service Pack 1 and Service Pack 2
Windows Server 2003 x64 Edition and Service Pack 2
Windows Server 2003 with SP1 for Itanium-based Systems
Windows Server 2003 with SP2 for Itanium-based Systems
Windows Vista
Windows Vista x64 Edition
Component Affected
Internet Explorer 5.01 and Internet Explorer 6 Service Pack 1
Internet Explorer 6
Internet Explorer 7
Overview
Multiple vulnerabilities have been reported in Microsoft Internet Explorer that an attacker could exploit for remote code execution, information disclosure and spoofing.
Description
1. Address Bar Spoofing Vulnerabilities (CVE-2007-3892)
A spoofing vulnerability exists in Internet Explorer that could allow an attacker to display spoofed content in a browser window. After successful exploitation, the address bar and other parts of the trust UI have navigated away from the attacker's Web site, but the content of the window still contains the attacker's Web page.
2. Error Handling Memory Corruption Vulnerability (CVE-2007-3893)
A remote code execution vulnerability exists in Internet Explorer due to an unhandled error in certain situations. An attacker could exploit the vulnerability by constructing a specially crafted Web page. If a user visits the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged-on user.
3. Address Bar Spoofing Vulnerability (CVE-2007-1091, CVE-2007-3826)
A vulnerability exists in Internet Explorer that could allow an attacker to display content in a browser window while spoofing the address bar, and to conduct phishing and other attacks, via repeated document.open function calls made after a user requests a new page but before the onBeforeUnload function is called. After successful exploitation, the address bar and other parts of the trust UI navigate away from the attacker's Web site, but the content of the window still contains the attacker's Web page.
Workaround
Set the Internet and Local intranet security zone settings to 'High' to prompt before running ActiveX Controls and Active Scripting in these zones.
Configure Internet Explorer to prompt before running Active Scripting, or disable Active Scripting, in the Internet and Local intranet security zones.
Read e-mail messages in plain text format.
Visit trusted websites by adding them to the Internet Explorer Trusted sites zone.
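The following PowerShell audit is an added example, not part of the CERT-In note or the Microsoft bulletin. It checks whether the current user's Internet and Local intranet zones prompt for or disable ActiveX controls and Active Scripting, as the workaround asks. The registry path, zone numbers (1, 3) and action IDs (1200, 1400) are Microsoft's documented URL security zone values and do not appear in this advisory; the function names are hypothetical, and PowerShell 3.0 or later is assumed.

```powershell
# Added example: audit the per-user IE zone settings named in the Workaround.
# Assumed values (Microsoft's documented zone settings, not from this advisory):
#   zone 1 = Local intranet, zone 3 = Internet
#   1200 = Run ActiveX controls and plug-ins, 1400 = Active scripting
#   action value 0 = Enable, 1 = Prompt, 3 = Disable
$ZonesRoot = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$Zones     = @{ 1 = 'Local intranet'; 3 = 'Internet' }
$Actions   = @{ '1200' = 'Run ActiveX controls and plug-ins'; '1400' = 'Active scripting' }
$Meaning   = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Hypothetical helper: read the two action values for one zone, if present.
function Get-ZoneSettings {
    param([int]$ZoneId)
    $settings = @{}
    $key = Get-ItemProperty -Path (Join-Path $ZonesRoot "$ZoneId") -ErrorAction SilentlyContinue
    if ($key) {
        foreach ($id in $Actions.Keys) {
            if ($key.PSObject.Properties.Name -contains $id) { $settings[$id] = $key.$id }
        }
    }
    $settings
}

# Hypothetical helper: report each action and whether it meets the workaround.
function Test-ZoneWorkaround {
    param([int]$ZoneId, [hashtable]$Settings)
    foreach ($id in ($Actions.Keys | Sort-Object)) {
        $value = $Settings[$id]
        if ($null -eq $value) { $state = 'not set' }
        elseif ($Meaning.ContainsKey([int]$value)) { $state = $Meaning[[int]$value] }
        else { $state = "unknown ($value)" }
        [pscustomobject]@{
            Zone      = $Zones[$ZoneId]
            Action    = $Actions[$id]
            State     = $state
            # Only Prompt or Disable satisfies the workaround; Enable or a missing value does not.
            Compliant = ('Prompt', 'Disable') -contains $state
        }
    }
}

# Live check of the current user's Local intranet and Internet zones.
foreach ($zone in ($Zones.Keys | Sort-Object)) {
    Test-ZoneWorkaround -ZoneId $zone -Settings (Get-ZoneSettings $zone)
}

# Constructed sample: ActiveX enabled (not compliant), scripting set to prompt (compliant).
Test-ZoneWorkaround -ZoneId 3 -Settings @{ '1200' = 0; '1400' = 1 }
```

This reads only the per-user settings; values enforced through Group Policy or machine-wide keys can override them and are not checked here.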
Solution
Apply appropriate patches as mentioned in Microsoft Security Bulletin MS07-057
Vendor Information
Microsoft
http://www.microsoft.com/technet/security/bulletin/MS07-057.mspx
References
FrSIRT
http://www.frsirt.com/english/advisories/2007/3437
Secunia
http://secunia.com/advisories/23469/
SecurityFocus
http://www.securityfocus.com/bid/22680/info
CVE Name
CVE-2007-3892
CVE-2007-3893
CVE-2007-1091
CVE-2007-3826
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in
Phone: +91-11-2436857
Postal address
Indian Computer Emergency Response Team (CERT-In)
Ministry of Electronics and Information Technology
Government of India
Electronics Niketan
6, CGO Complex, Lodhi Road,
New Delhi - 110 003
India