A Remote Vulnerability exists in Internet Explorer which could allow an attacker to rewrite an arbitrary file on an affected system.
- Microsoft Windows 2000 Service Pack 4
- Microsoft Windows XP Service Pack 2
- Microsoft Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
- Microsoft Windows Server 2003 Service Pack 1 and Microsoft Windows Server 2003 Service Pack 2
- Microsoft Windows Server 2003 with SP1 for Itanium-based Systems and Microsoft Windows Server 2003 with SP2 for Itanium-based Systems
- Microsoft Windows Server 2003 x64 Edition Service Pack 1 and Microsoft Windows Server 2003 x64 Edition Service Pack 2
- Windows Vista
- Windows Vista x64 Edition
A remote attacker could compromise a web site or host a malicious web page that is used to exploit this vulnerability. When a user is enticed to view the page through links from webpages, emails, or instant messages and they have the vulnerable media service component ( mdsauth.dll ), an arbitrary pre-existing file can be rewritten. This can lead remote code execution and allow full control of the affected system.
This vulnerability is due to improper sanitization of remotely supplied data.
- Install updates provided by Microsoft included in (MS07-027)
- Fortinet Global Security Research Team