Summary
Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to access an uninitialized or deleted object, related to prototype variables and table cells, aka Uninitialized Memory Corruption Vulnerability.
Solution
Run Windows update or apply fixes available from the following website:
http://www.microsoft.com/technet/security/bulletin/ms07-033.mspx
References
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0218
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1499
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1750
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1751
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2222
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3027
- http://www.securityfocus.com/archive/1/archive/1/471210/100/0/threaded
- http://www.zerodayinitiative.com/advisories/ZDI-07-038.html
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2007-0218, CVE-2007-1499, CVE-2007-1750, CVE-2007-1751, CVE-2007-2222, CVE-2007-3027 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Microsoft .NET Framework Remote Code Execution Vulnerability (2745030)
- Microsoft .NET Framework Remote Code Execution Vulnerability (2706726)
- Microsoft Active Accessibility Remote Code Execution Vulnerability (2623699)
- IE 5.01 5.5 6.0 Cumulative patch (890923)
- Buffer Overrun in Messenger Service (828035)