Summary
Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to access an uninitialized or deleted object, related to prototype variables and table cells, aka Uninitialized Memory Corruption Vulnerability.
Solution
Run Windows update or apply fixes available from the following website:
http://www.microsoft.com/technet/security/bulletin/ms07-033.mspx
References
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0218
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1499
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1750
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1751
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2222
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3027
- http://www.securityfocus.com/archive/1/archive/1/471210/100/0/threaded
- http://www.zerodayinitiative.com/advisories/ZDI-07-038.html
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2007-0218, CVE-2007-1499, CVE-2007-1750, CVE-2007-1751, CVE-2007-2222, CVE-2007-3027 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Microsoft Distributed File System Remote Code Execution Vulnerabilities (2535512)
- Embedded OpenType Font Engine Remote Code Execution Vulnerability (982132)
- Microsoft .NET Framework Authentication Bypass and Spoofing Vulnerabilities (2836440)
- Microsoft Filter Pack Remote Code Execution Vulnerability (2801261)
- Cumulative Security Update for Internet Explorer (939653)