Cumulative Security Update For Internet Explorer (931768) Network Vulnerability

Summary

Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4, 6 SP1 on Windows 2000 SP4, 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2, and possibly 7 on Windows Vista does not properly instantiate certain COM objects as ActiveX controls, which allows remote attackers to execute arbitrary code via a crafted COM object from chtskdic.dll.

Solution

Run Windows Update or download available hotfixes from the following website: http://www.microsoft.com/technet/security/Bulletin/MS07-027.mspx

References

http://secunia.com/secunia_research/2007-36/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2007-0942, CVE-2007-0944, CVE-2007-0945, CVE-2007-0947, CVE-2007-2221

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft DirectShow Remote Code Execution Vulnerability (2929961)
Microsoft .NET Framework and Silverlight Remote Code Execution Vulnerability (2604930)
Cumulative Security Update for Internet Explorer (958215)
Microsoft Group Policy Remote Code Execution Vulnerability (3000483)
Microsoft Wireless LAN AutoConfig Service Remote Code Execution Vulnerability (970710)

Cumulative Security Update for Internet Explorer (931768)

Take action and discover your vulnerabilities