Summary
Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to access an uninitialized or deleted object, related to prototype variables and table cells, aka Uninitialized Memory Corruption Vulnerability.
Solution
Run Windows update or apply fixes available from the following website:
http://www.microsoft.com/technet/security/bulletin/ms07-033.mspx
References
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0218
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1499
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1750
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1751
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2222
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3027
- http://www.securityfocus.com/archive/1/archive/1/471210/100/0/threaded
- http://www.zerodayinitiative.com/advisories/ZDI-07-038.html
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2007-0218, CVE-2007-1499, CVE-2007-1750, CVE-2007-1751, CVE-2007-2222, CVE-2007-3027 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Cumulative Security Update for Internet Explorer (928090)
- Microsoft .NET Framework Remote Code Execution Vulnerability (2484015)
- Cumulative Security Update for Internet Explorer (931768)
- Microsoft Wireless LAN AutoConfig Service Remote Code Execution Vulnerability (970710)
- IE 5.01 5.5 6.0 Cumulative patch (890923)