Cumulative Security Update For Internet Explorer (931768) Network Vulnerability

Summary

Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4, 6 SP1 on Windows 2000 SP4, 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2, and possibly 7 on Windows Vista does not properly instantiate certain COM objects as ActiveX controls, which allows remote attackers to execute arbitrary code via a crafted COM object from chtskdic.dll.

Solution

Run Windows Update or download available hotfixes from the following website: http://www.microsoft.com/technet/security/Bulletin/MS07-027.mspx

References

http://secunia.com/secunia_research/2007-36/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2007-0942, CVE-2007-0944, CVE-2007-0945, CVE-2007-0947, CVE-2007-2221

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft Groove Remote Code Execution Vulnerability (2494047)
Microsoft .NET Common Language Runtime Remote Code Execution Vulnerability (2265906)
Microsoft Embedded OpenType Font Engine Remote Code Execution Vulnerabilities (961371))
Internet Information Services (IIS) FTP Service Remote Code Execution Vulnerability (2489256)
Microsoft Antimalware Client Privilege Elevation Vulnerability (2823482)

Cumulative Security Update for Internet Explorer (931768)

Take action and discover your vulnerabilities