- From: SecuriTeam <support@xxxxxxxxxxxxxx>
- Date: 13 Dec 2007 10:48:30 +0200
The following security advisory is sent to the SecuriTeam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
Internet Explorer is "a graphical web browser developed by Microsoft Corp.
and included as part of Microsoft Windows since 1995. The setExpression
DHTML object within a web page". Remote exploitation of a heap corruption
vulnerability in Microsoft Corp.'s Internet Explorer web browser allows
attackers to execute arbitrary code in the context of the current user.
* Internet Explorer version 6.0
* Internet Explorer version 7.0
implemented in mshtml.dll. When malformed parameters are supplied, memory
can be corrupted in a way that results in Internet Explorer accessing a
previously deleted object. By creating a specially crafted web page, it is
possible for an attacker to control the contents of the memory pointed to
by the released object. This allows an attacker to execute arbitrary code.
Exploitation of this vulnerability would allow an attacker to execute
arbitrary code in the context of the user running Internet Explorer.
In order to exploit this vulnerability, an attacker must persuade a user
to render a malicious web page using Internet Explorer. This is usually
accomplished by providing a link to the malicious page in an e-mail or
On Windows Vista, Internet Explorer 7 runs in "Protected Mode". Since
"Protected Mode" processes web pages with lower privileges than a normal
user, it lessens the impact of this vulnerability. However, it does not
prevent arbitrary code execution on the affected system.
issue. Applying this workaround will prevent proper rendering of web sites
Microsoft has addressed this vulnerability within Microsoft Security
Bulletin MS07-069. For more information, consult their bulletin at the
05/08/2007 - Initial vendor notification
05/08/2007 - Initial vendor response
12/11/2007 - Coordinated public disclosure
The information has been provided by iDefense Labs Security Advisories
(idlabs-advisories@xxxxxxxxxxxx).
The original article can be found at: