Cumulative Security Update For Internet Explorer (931768) Network Vulnerability

Summary

Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4, 6 SP1 on Windows 2000 SP4, 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2, and possibly 7 on Windows Vista does not properly instantiate certain COM objects as ActiveX controls, which allows remote attackers to execute arbitrary code via a crafted COM object from chtskdic.dll.

Solution

Run Windows Update or download available hotfixes from the following website: http://www.microsoft.com/technet/security/Bulletin/MS07-027.mspx

References

http://secunia.com/secunia_research/2007-36/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2007-0942, CVE-2007-0944, CVE-2007-0945, CVE-2007-0947, CVE-2007-2221
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Cumulative Security Update for Internet Explorer (953838)
Microsoft Bluetooth Stack Remote Code Execution Vulnerability (2566220)
Microsoft Foundation Class (MFC) Library Remote Code Execution Vulnerability (2500212)
Microsoft .NET Framework Multiple Vulnerabilities (2861561)
Microsoft Active Accessibility Remote Code Execution Vulnerability (2623699)

Cumulative Security Update for Internet Explorer (931768)

Take action and discover your vulnerabilities