Cumulative Security Update For Internet Explorer (931768) Network Vulnerability

Summary

Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4, 6 SP1 on Windows 2000 SP4, 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2, and possibly 7 on Windows Vista does not properly instantiate certain COM objects as ActiveX controls, which allows remote attackers to execute arbitrary code via a crafted COM object from chtskdic.dll.

Solution

Run Windows Update or download available hotfixes from the following website: http://www.microsoft.com/technet/security/Bulletin/MS07-027.mspx

References

http://secunia.com/secunia_research/2007-36/

Updated on 2015-03-25

Severity

Classification

CVE CVE-2007-0942, CVE-2007-0944, CVE-2007-0945, CVE-2007-0947, CVE-2007-2221

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Microsoft .NET Common Language Runtime Remote Code Execution Vulnerability (2265906)
ADODB.Stream object from Internet Explorer (KB870669)
Buffer Overrun In HTML Converter Could Allow Code Execution (823559)
Microsoft Active Directory Denial of Service Vulnerability (953235)
Microsoft Foundation Class (MFC) Library Remote Code Execution Vulnerability (2500212)

Cumulative Security Update for Internet Explorer (931768)

Take action and discover your vulnerabilities