Alias(es)MS.IE.DHTML.Object.Memory.Corruption |
Release DateDec 12, 2007 |
Severitycritical |
ImpactSystem compromise: remote code execution. |
DescriptionThis indicates an attempt to exploit a remote code execution vulnerability in Microsoft Internet Explorer.The vulnerability is a result of the way that Internet Explorer displays a web page that contains certain unexpected method calls to HTML objects. This leads to system memory being corrupted in such a way that an attacker can execute arbitrary code if a user visits a malicious Web site. |
Affected ProductsIE6 SP1 for Microsoft Windows 2000 SP4IE6 for Windows XP SP2 IE6 for Windows XP Prof x64 Edition and Windows XP Prof x64 Edition SP2 IE6 for Windows Server 2003 SP1 and Windows Server 2003 SP2 IE6 for Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition SP2 IE6 for Windows Server 2003 with SP1 for Itanium-based Systems IE6 for Windows Server 2003 with SP2 for Itanium-based Systems IE7 for Windows XP SP2 IE7 for Windows XP Prof x64 Edition IE7 for Windows XP Prof x64 Edition SP2 IE7 for Windows Server 2003 SP1 and Windows Server 2003 SP2 IE7 for Windows Server 2003 x64 Edition IE7 for Windows Server 2003 x64 Edition SP2 IE7 for Windows Server 2003 with SP1 for Itanium-based Systems IE7 for Windows Server 2003 with SP2 for Itanium-based Systems IE7 in Windows Vista IE7 in Windows Vista x64 Edition |
Recommended ActionsApply patches.Windows 2000 SP4 with Internet Explorer 5.01 SP4: http://www.microsoft.com/downloads/de...=B3BD16EA-5D69-4AE3-84B3-AB773052CEEB Windows 2000 SP4 with Internet Explorer 6 SP1: http://www.microsoft.com/downloads/de...=BC8EDF05-262A-4D1D-B196-4FC1A844970C Windows XP SP2 with Internet Explorer 6: http://www.microsoft.com/downloads/de...=6E4EBAFC-34C3-4DC7-B712-152C611D3F0A Windows XP Professional x64 Edition (optionally with SP2) and Internet Explorer 6: http://www.microsoft.com/downloads/de...=F5A5AF23-30FB-4E47-94BD-3B05B55C92F2 Windows Server 2003 SP1/SP2 with Internet Explorer 6: http://www.microsoft.com/downloads/de...=BF466060-A585-4C2E-A48D-70E080C3BBE7 Windows Server 2003 x64 Edition (optionally with SP2) and Internet Explorer 6: http://www.microsoft.com/downloads/de...=074697F2-18C8-4521-BBF7-1D0E7395D27D Windows Server 2003 with SP1/SP2 for Itanium-based systems and Internet Explorer 6: http://www.microsoft.com/downloads/de...=B3F390A6-0361-4553-B627-5E7AD6BF5055 Windows XP SP2 with Internet Explorer 7: http://www.microsoft.com/downloads/de...=B15A6506-02DD-43C2-AEF4-E10C1C76EE97 Windows XP Professional x64 Edition (optionally with SP2) and Internet Explorer 7: http://www.microsoft.com/downloads/de...=C092A6BB-8E62-4D90-BDB1-5F3A15968F75 Windows Server 2003 SP1/SP2 with Internet Explorer 7: http://www.microsoft.com/downloads/de...=34759C10-16A5-42A2-974D-9D532FB5A0A7 Windows Server 2003 x64 Edition (optionally with SP2) and Internet Explorer 7: http://www.microsoft.com/downloads/de...=7DCCCE5A-7562-448B-A345-CF1CC758E35C Windows Server 2003 with SP1/SP2 for Itanium-based systems and Internet Explorer 7: http://www.microsoft.com/downloads/de...=8414F3FB-216A-4D46-B590-4C1F304DFF91 Windows Vista with Internet Explorer 7: http://www.microsoft.com/downloads/de...=26D303DA-BB2E-4555-96F1-BECB0E277341 Windows Vista x64 Edition with Internet Explorer 7: http://www.microsoft.com/downloads/de...=C5E88E0B-A4C2-4690-91D9-326800030A16 |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2007-5347 |
Reference/shttp://www.microsoft.com/technet/security/Bulletin/ms07-069.mspx (MS-ID)http://www.securityfocus.com/bid/26427 (BugTraq) |
