Summary
Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to access an uninitialized or deleted object, related to prototype variables and table cells, aka Uninitialized Memory Corruption Vulnerability.
Solution
Run Windows update or apply fixes available from the following website:
http://www.microsoft.com/technet/security/bulletin/ms07-033.mspx
References
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0218
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1499
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1750
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1751
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2222
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3027
- http://www.securityfocus.com/archive/1/archive/1/471210/100/0/threaded
- http://www.zerodayinitiative.com/advisories/ZDI-07-038.html
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2007-0218, CVE-2007-1499, CVE-2007-1750, CVE-2007-1751, CVE-2007-2222, CVE-2007-3027 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Microsoft Wireless LAN AutoConfig Service Remote Code Execution Vulnerability (970710)
- Microsoft .NET Common Language Runtime Remote Code Execution Vulnerability (2265906)
- Buffer Overrun In HTML Converter Could Allow Code Execution (823559)
- Microsoft DHTML Editing Component ActiveX Remote Code Execution Vulnerability (956844)
- Microsoft IIS Security Bypass Vulnerability (970483)