Spyware, Viruses, & Security forum

General discussion

VULNERABILITIES \ FIXES - August 14, 2007

by Marianna Schmudlach / August 14, 2007 12:35 AM PDT

IBM AIX Multiple Command Buffer Overflow Privilege Escalation Vulnerabilities




Advisory ID : FrSIRT/ADV-2007-2860
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Moderate Risk
Remotely Exploitable : No
Locally Exploitable : Yes
Release Date : 2007-08-14
Technical Description

Multiple vulnerabilities have been identified in IBM AIX, which could be exploited by local attackers to obtain elevated privileges.

The first issue is caused by buffer overflow errors in the "chpath", "rmpath" and "devinstall" commands, which could be exploited by a malicious user in the system group to execute arbitrary code with elevated privileges.

The second vulnerability is caused by a buffer overflow error in the "fileplace" command, which could be exploited by local attackers to gain elevated privileges.

Affected Products

IBM AIX 5.2.0
IBM AIX 5.3.0

Solution

IBM AIX 5.2.0 - Apply APAR IZ00531 and IZ00154 :
http://www.ibm.com/servers/eserver/support/unixservers/aixfixes.html

IBM AIX 5.3.0 - Apply APAR IZ01433 and IZ00149 :
http://www.ibm.com/servers/eserver/support/unixservers/aixfixes.html

References

http://www.frsirt.com/english/advisories/2007/2860
ftp://aix.software.ibm.com/aix/efixes/security/README

Credits

Vulnerabilities reported by the vendor.

Streamripper "httplib_parse_sc_header()" Remote Buffer Overf
by Marianna Schmudlach / August 14, 2007 12:36 AM PDT

Streamripper "httplib_parse_sc_header()" Remote Buffer Overflow Vulnerability

Advisory ID : FrSIRT/ADV-2007-2858
CVE ID : GENERIC-MAP-NOMATCH
Rated as : High Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-08-14
Technical Description

A vulnerability has been identified in Streamripper, which could be exploited by remote attackers to cause a denial of service or compromise an affected system. This issue is caused by a buffer overflow error in the "httplib_parse_sc_header()" [lib/http.c] function when processing malformed data, which could be exploited by remote attackers to execute arbitrary code by convincing a user to connect to a specially crafted server.

Affected Products

Streamripper versions prior to 1.62.2

Solution

Upgrade to Streamripper version 1.62.2 :
http://sourceforge.net/projects/streamripper/

References

http://www.frsirt.com/english/advisories/2007/2858
http://sourceforge.net/project/shownotes.php?release_id=531738&group_id=6172

Credits

Vulnerability reported by the vendor.

Qbik WinGate SMTP Component Multiple Remote Format String Vu
by Marianna Schmudlach / August 14, 2007 12:38 AM PDT

Qbik WinGate SMTP Component Multiple Remote Format String Vulnerabilities

Advisory ID : FrSIRT/ADV-2007-2859
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-08-14
Technical Description

Multiple vulnerabilities have been identified in Qbik WinGate, which could be exploited by remote attackers to cause a denial of service or potentially take complete control of an affected system. These issues are caused by format string errors in the SMTP service when processing and logging malformed commands, which could be exploited by remote attackers to crash an affected application or potentially execute arbitrary code via a specially crafted command.

Affected Products

Qbik WinGate versions prior to 6.2.2

Solution

Upgrade to Qbik WinGate version 6.2.2 :
http://www.wingate.com/download.php

References

http://www.frsirt.com/english/advisories/2007/2859
http://www.wingate.com/news.php?id=50
http://www.harmonysecurity.com/HS-A007.html

Credits

Vulnerability reported by Stephen Fewer (Harmony Security).

Php Blue Dragon CMS "vsDragonRootPath" Remote File Inclusion
by Marianna Schmudlach / August 14, 2007 12:39 AM PDT

Php Blue Dragon CMS "vsDragonRootPath" Remote File Inclusion Vulnerability

Advisory ID : FrSIRT/ADV-2007-2861
CVE ID : GENERIC-MAP-NOMATCH
Rated as : High Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-08-14
Technical Description

A vulnerability has been identified in Php Blue Dragon CMS, which could be exploited by remote attackers to compromise a vulnerable web server. This issue is caused by an input validation error in the "public_includes/pub_blocks/activecontent.php" script when processing the "vsDragonRootPath" parameter, which could be exploited by remote attackers to include malicious PHP scripts and execute arbitrary commands with the privileges of the web server.

Affected Products

Php Blue Dragon CMS version 3.0.0 and prior

Solution

The FrSIRT is not aware of any official supplied patch for this issue.

References

http://www.frsirt.com/english/advisories/2007/2861

Credits

Vulnerability reported by Kacper.

Mandriva Security Update Fixes Xpdf PDF Handling Integer Ove
by Marianna Schmudlach / August 14, 2007 12:41 AM PDT

Mandriva Security Update Fixes Xpdf PDF Handling Integer Overflow Vulnerability

Advisory ID : FrSIRT/ADV-2007-2862
CVE ID : CVE-2007-3387
Rated as : High Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-08-14
Technical Description

A vulnerability has been identified in Mandriva, which could be exploited by remote attackers to cause a denial of service or compromise an affected system. This issue is caused by an error in Xpdf. For additional information, see : FrSIRT/ADV-2007-2704

Affected Products

Mandriva Linux 2007.0
Mandriva Linux 2007.1
Mandriva Corporate Server 3.0
Mandriva Corporate Server 4.0

Solution

Upgrade the affected packages

References

http://www.frsirt.com/english/advisories/2007/2862
http://www.mandriva.com/security/advisories?name=MDKSA-2007:158

Mandriva Security Update Fixes gpdf PDF Handling Integer Ove
by Marianna Schmudlach / August 14, 2007 12:42 AM PDT

Mandriva Security Update Fixes gpdf PDF Handling Integer Overflow Vulnerability

Advisory ID : FrSIRT/ADV-2007-2863
CVE ID : CVE-2007-3387
Rated as : High Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-08-14
Technical Description

A vulnerability has been identified in Mandriva, which could be exploited by remote attackers to cause a denial of service or compromise an affected system. This issue is caused by an error in gpdf. For additional information, see : FrSIRT/ADV-2007-2704

Affected Products

Mandriva Corporate Server 3.0

Solution

Upgrade the affected packages

References

http://www.frsirt.com/english/advisories/2007/2863
http://www.mandriva.com/security/advisories?name=MDKSA-2007:159

Mandriva Security Update Fixes pdftohtml PDF File Integer Ov
by Marianna Schmudlach / August 14, 2007 12:43 AM PDT

Mandriva Security Update Fixes pdftohtml PDF File Integer Overflow Vulnerability

Advisory ID : FrSIRT/ADV-2007-2864
CVE ID : CVE-2007-3387
Rated as : High Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-08-14
Technical Description

A vulnerability has been identified in Mandriva, which could be exploited by remote attackers to cause a denial of service or compromise an affected system. This issue is caused by an error in pdftohtml. For additional information, see : FrSIRT/ADV-2007-2704

Affected Products

Mandriva Linux 2007.0
Mandriva Linux 2007.1

Solution

Upgrade the affected packages

References

http://www.frsirt.com/english/advisories/2007/2864
http://www.mandriva.com/security/advisories?name=MDKSA-2007:160

Mandriva Security Update Fixes poppler PDF File Integer Over
by Marianna Schmudlach / August 14, 2007 12:45 AM PDT

Mandriva Security Update Fixes poppler PDF File Integer Overflow Vulnerability

Advisory ID : FrSIRT/ADV-2007-2865
CVE ID : CVE-2007-3387
Rated as : High Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-08-14
Technical Description

A vulnerability has been identified in Mandriva, which could be exploited by remote attackers to cause a denial of service or compromise an affected system. This issue is caused by an error in poppler. For additional information, see : FrSIRT/ADV-2007-2704

Affected Products

Mandriva Linux 2007.0
Mandriva Linux 2007.1
Mandriva Corporate Server 4.0

Solution

Upgrade the affected packages

References

http://www.frsirt.com/english/advisories/2007/2865
http://www.mandriva.com/security/advisories?name=MDKSA-2007:161

Symantec Altiris Deployment Solution Aclient Log File Viewer
by Marianna Schmudlach / August 14, 2007 12:49 AM PDT

Symantec Altiris Deployment Solution Aclient Log File Viewer Privilege Escalation

Secunia Advisory: SA26435
Release Date: 2007-08-14


Critical:
Less critical
Impact: Privilege escalation

Where: Local system

Solution Status: Vendor Patch

Description:
A vulnerability has been reported in Symantec's Altiris Deployment Solution, which can be exploited by malicious, local users to gain escalated privileges.

The problem is that the Aclient process runs with local System privileges and allows for the Log File Viewer to open or execute arbitrary files with SYSTEM privileges.

The vulnerability is reported in version 6.x build 282 and earlier.

Solution:
Update to 6.8 SP2 (6.8.378).

Deployment Solution for Clients 6.8 SP2:
http://www.altiris.com/download.aspx

Provided and/or discovered by:
The vendor credits Andy Davis, Information Risk Management.

Original Advisory:
Symantec:
http://securityresponse.symantec.com/avcenter/security/Content/2007.08.13.html

Diskeeper RPC Request Handling Information Disclosure and De
by Marianna Schmudlach / August 14, 2007 12:50 AM PDT

Diskeeper RPC Request Handling Information Disclosure and Denial of Service



Secunia Advisory: SA26431
Release Date: 2007-08-14


Critical:
Less critical
Impact: Exposure of system information
DoS

Where: From local network

Solution Status: Unpatched


Software: Diskeeper 10.x
Diskeeper 2007 11.x
Diskeeper 9.x



Description:
Pravus has discovered two vulnerabilities in Diskeeper, which can be exploited by malicious people to cause a DoS (Denial of Service) or disclose certain system information.

The vulnerabilities are caused due to input validation errors within the Diskeeper service (DkService.exe) when handling arguments passed to RPC requests with opcode 0x01. These can be exploited to crash the service or gain knowledge of certain system information (e.g. Windows version, address of loaded modules) via a specially crafted RPC request sent to default port 31038/TCP.

The vulnerabilities are confirmed in Diskeeper 2007 - ProPremier and reportedly affect Diskeeper 9 Professional. Other versions may also be affected.

Solution:
Restrict access to the service.

Provided and/or discovered by:
Pravus

Original Advisory:
http://lists.grok.org.uk/pipermail/full-disclosure/2007-August/065245.html

Drupal Content Construction Kit Nodereference Module Cross-S
by Marianna Schmudlach / August 14, 2007 12:59 AM PDT

Drupal Content Construction Kit Nodereference Module Cross-Site Scripting

Secunia Advisory: SA26416
Release Date: 2007-08-14


Critical:
Less critical
Impact: Cross Site Scripting

Where: From remote

Solution Status: Vendor Patch


Software: Drupal Content Construction Kit 4.x
Drupal Content Construction Kit 5.x



Description:
Some vulnerabilities have been reported in the Drupal Content Construction Kit, which can be exploited by malicious people to conduct cross-site scripting attacks.

1) Unspecified input in the nodereference module is not properly sanitised before being returned to the user when a nodereference field is viewed using the "plain" formatter. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

2) Unspecified input in the nodereference module is not properly sanitised before being returned to the user when a nodereference field is edited using the "autocomplete text field" widget without the "Views.module" advanced option. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerabilities are reported in versions prior to 4.7.x-1.6 and 5.x-1.6.

Solution:
Drupal 4.7.x:
Update to Drupal Content Construction Kit 4.7.x-1.6.
http://drupal.org/node/166994

Drupal 5.x:
Update to Drupal Content Construction Kit 5.x-1.6.
http://drupal.org/node/166992

Provided and/or discovered by:
Gerhard Killesreiter, Drupal Security Team.

Original Advisory:
http://drupal.org/node/166998

Fedora Commons Empty LDAP Passwords Authentication Bypass
by Marianna Schmudlach / August 14, 2007 1:15 AM PDT

Secunia Advisory: SA26445
Release Date: 2007-08-14


Critical:
Moderately critical
Impact: Security Bypass

Where: From remote

Solution Status: Vendor Patch


Software: Fedora Commons 2.x

Description:
Bill Niebel has reported a vulnerability in Fedora Commons, which can be exploited by malicious people to bypass certain security restrictions.

The vulnerability is caused due to an error when binding to an LDAP server with an empty password. Depending on the LDAP implementation used, this can be exploited to bypass the authentication mechanism.

The vulnerability is reported in versions prior to 2.2.1.

Solution:
Update to version 2.2.1.

Provided and/or discovered by:
Bill Niebel

Original Advisory:
http://sourceforge.net/project/shownotes.php?release_id=531870

http://sourceforge.net/tracker/index....8&group_id=177054&atid=879703
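
The empty-password case described in the Fedora Commons advisory above, as an added example that is not part of the original post and is not Fedora Commons code: an LDAP server may treat a simple bind carrying a DN and a zero-length password as an "unauthenticated" bind (RFC 4513, section 5.1.2) and report success, so a client that equates a successful bind with a verified password admits anyone. `FakeDirectory`, its sample entry and both `authenticate_*` functions are constructed for illustration and stand in for a real LDAP server and client.

```python
"""Added illustration: why an LDAP client must reject empty passwords itself.

FakeDirectory is a constructed in-memory stand-in for an LDAP server, not a
real LDAP library. It models the server behaviour the advisory depends on.
"""
from dataclasses import dataclass, field

SUCCESS = "success"
INVALID_CREDENTIALS = "invalidCredentials"
UNWILLING_TO_PERFORM = "unwillingToPerform"

ALICE = "uid=alice,ou=people,dc=example,dc=org"      # constructed sample DN
NOBODY = "uid=nobody,ou=people,dc=example,dc=org"    # DN with no entry


@dataclass
class FakeDirectory:
    # Constructed sample data: DN -> password.
    entries: dict = field(default_factory=lambda: {ALICE: "correct horse"})
    # True models a server that accepts a DN plus zero-length password as an
    # unauthenticated bind; False models one that refuses such binds.
    allow_unauthenticated_bind: bool = True

    def simple_bind(self, dn: str, password: str) -> str:
        if password == "":
            # The DN is never verified here: the session is anonymous, yet
            # the result code a permissive server returns is "success".
            if dn == "" or self.allow_unauthenticated_bind:
                return SUCCESS
            return UNWILLING_TO_PERFORM
        if self.entries.get(dn) == password:
            return SUCCESS
        return INVALID_CREDENTIALS


def authenticate_naive(directory: FakeDirectory, dn: str, password: str) -> bool:
    """Flawed pattern: any successful bind is taken as proof of identity."""
    return directory.simple_bind(dn, password) == SUCCESS


def authenticate_checked(directory: FakeDirectory, dn: str, password: str) -> bool:
    """Hardened pattern: refuse empty DN or password before binding."""
    if not dn or not password:
        return False
    return directory.simple_bind(dn, password) == SUCCESS


def audit(directory: FakeDirectory) -> dict:
    """Run the same login attempts through both functions.

    Returns {case name: (naive result, checked result)}.
    """
    cases = {
        "valid password": (ALICE, "correct horse"),
        "wrong password": (ALICE, "wrong"),
        "empty password, real user": (ALICE, ""),
        "empty password, unknown user": (NOBODY, ""),
    }
    return {
        name: (authenticate_naive(directory, dn, pw),
               authenticate_checked(directory, dn, pw))
        for name, (dn, pw) in cases.items()
    }


if __name__ == "__main__":
    for label, server in (("permissive server", FakeDirectory()),
                          ("strict server", FakeDirectory(allow_unauthenticated_bind=False))):
        print(label)
        for name, (naive, checked) in audit(server).items():
            print(f"  {name:30} naive={naive!s:5} checked={checked}")
```

The naive function is only wrong against the permissive server, which matches the advisory's "depending on the LDAP implementation used"; the client-side check removes that dependency.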

Debian update for kdegraphics
by Marianna Schmudlach / August 14, 2007 1:43 AM PDT

TITLE:
Debian update for kdegraphics

SECUNIA ADVISORY ID:
SA26410

VERIFY ADVISORY:
http://secunia.com/advisories/26410/

CRITICAL:
Moderately critical

IMPACT:
System access

WHERE:
From remote

OPERATING SYSTEM:
Debian GNU/Linux 4.0
http://secunia.com/product/13844/
Debian GNU/Linux 3.1
http://secunia.com/product/5307/
Debian GNU/Linux unstable alias sid
http://secunia.com/product/530/

DESCRIPTION:
Debian has issued an update for kdegraphics. This fixes a
vulnerability, which potentially can be exploited by malicious people
to compromise a vulnerable system.

For more information:
SA26257

SOLUTION:
Apply updated packages

ORIGINAL ADVISORY:
http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00117.html

OTHER REFERENCES:
SA26257:
http://secunia.com/advisories/26257/

Ubuntu update for xfce4-terminal
by Marianna Schmudlach / August 14, 2007 1:45 AM PDT

TITLE:
Ubuntu update for xfce4-terminal

SECUNIA ADVISORY ID:
SA26392

VERIFY ADVISORY:
http://secunia.com/advisories/26392/

CRITICAL:
Not critical

IMPACT:
Security Bypass

WHERE:
From remote

OPERATING SYSTEM:
Ubuntu Linux 6.06
http://secunia.com/product/10611/
Ubuntu Linux 6.10
http://secunia.com/product/12470/
Ubuntu Linux 7.04
http://secunia.com/product/14068/

DESCRIPTION:
Ubuntu has issued an update for xfce4-terminal. This fixes a security
issue, which can be exploited by malicious people to inject shell
commands.

For more information:
SA26037

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://www.ubuntu.com/usn/usn-497-1

OTHER REFERENCES:
SA26037:
http://secunia.com/advisories/26037/

Debian update for gpdf
by Marianna Schmudlach / August 14, 2007 1:46 AM PDT

TITLE:
Debian update for gpdf

SECUNIA ADVISORY ID:
SA26432

VERIFY ADVISORY:
http://secunia.com/advisories/26432/

CRITICAL:
Moderately critical

IMPACT:
System access

WHERE:
From remote

OPERATING SYSTEM:
Debian GNU/Linux 3.1
http://secunia.com/product/5307/

DESCRIPTION:
Debian has issued an update for gpdf. This fixes a vulnerability,
which potentially can be exploited by malicious people to compromise
a user's system.

For more information:
SA18375

SOLUTION:
Apply updated packages.

ORIGINAL ADVISORY:
http://lists.debian.org/debian-security-announce/debian-security-announce-2007/msg00116.html

OTHER REFERENCES:
SA18375:
http://secunia.com/advisories/18375/

EZPhotoSales Multiple Vulnerabilities
by Marianna Schmudlach / August 14, 2007 1:48 AM PDT

TITLE:
EZPhotoSales Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA26341

VERIFY ADVISORY:
http://secunia.com/advisories/26341/

CRITICAL:
Highly critical

IMPACT:
Security Bypass, Cross Site Scripting, Exposure of sensitive
information, System access

WHERE:
From remote

SOFTWARE:
EZPhotoSales 1.x
http://secunia.com/product/15266/

DESCRIPTION:
Seth Fogie has reported some vulnerabilities and security issues in
EZPhotoSales, which can be exploited by malicious people to disclose
sensitive information and bypass certain security restrictions, and
by malicious users to conduct script insertion attacks and compromise
a vulnerable system.

1) It is possible to bypass the gallery access authentication by
directly accessing an image folder in the web browser.

2) A security issue is caused due to information being stored in
data/galleries.txt inside the web root. This can be exploited to
disclose the passwords for all galleries.

Successful exploitation of this vulnerability requires that the
administrator has not changed to an alternate location for this
file.

3) A security issue is caused due to information being stored in
configuration/config.dat inside the web root. This can be exploited
to disclose administrator username hashes and password hashes, which
can then be used for logging in as administrator.

4) Input passed to the "Title" parameter when changing settings is
not properly sanitised before being stored. This can be exploited to
insert arbitrary HTML and script code, which is executed in a user's
browser session in context of an affected site when the malicious
data is viewed.

Successful exploitation of this vulnerability requires valid
administrator credentials (but see #3).

5) The file upload functionality fails to validate the extension of
an uploaded file. This can be exploited to upload files with
arbitrary extensions (e.g. ".php") and execute arbitrary PHP code on
the server.

Successful exploitation of this vulnerability requires valid
administrator credentials (but see #3).

The vulnerabilities and security issues are reported in version
1.9.3. Other versions may also be affected.

SOLUTION:
Restrict web access (e.g. with ".htaccess") to the configuration/ and
data/ directories.

Use another product.

PROVIDED AND/OR DISCOVERED BY:
Seth Fogie

ORIGINAL ADVISORY:
http://www.airscanner.com/security/07080601_ezphotosales.htm

Microsoft Virtual PC / Virtual Server Privilege Escalation V
by Marianna Schmudlach / August 14, 2007 5:49 AM PDT

Microsoft Virtual PC / Virtual Server Privilege Escalation Vulnerability

Secunia Advisory: SA26444
Release Date: 2007-08-14


Critical:
Less critical
Impact: Privilege escalation

Where: Local system

Solution Status: Vendor Patch


Software: Microsoft Virtual PC 2004
Microsoft Virtual PC for Mac 6.x
Microsoft Virtual PC for Mac 7.x
Microsoft Virtual Server 2005



CVE reference: CVE-2007-0948

Description:
A vulnerability has been reported in Microsoft Virtual PC and Virtual Server, which can be exploited by malicious, local users to gain escalated privileges.

The vulnerability is caused due to an error within certain components that communicate with the host OS and can be exploited to cause a heap-based buffer overflow.

Successful exploitation allows an administrative user on a guest OS to e.g. execute arbitrary code on the host OS or other guest OS's.

Solution:
Apply patches.

Microsoft Virtual PC 2004:
http://www.microsoft.com/downloads/de...=E2C72AAB-00DE-47C9-8ECB-09261C4B7DEB

Microsoft Virtual PC 2004 Service Pack 1:
http://www.microsoft.com/downloads/de...=2BDA2B8B-9C1C-4BF8-9A65-491092276E7A

Microsoft Virtual Server 2005 Standard Edition:
http://www.microsoft.com/downloads/de...=F9EC76CD-0607-4394-BC49-35E95D02DA51

Microsoft Virtual Server 2005 Enterprise Edition:
http://www.microsoft.com/downloads/de...=A35E556C-2F7B-4B72-9662-AE7286573C3F

Microsoft Virtual Server 2005 R2 Standard Edition:
http://www.microsoft.com/downloads/de...=D44B8669-A4FB-4CBA-B130-E1BC08B10C6F

Microsoft Virtual Server 2005 R2 Enterprise Edition:
http://www.microsoft.com/downloads/de...=84CA3BA9-6575-4C5B-8F8E-4E4A635A4705

Microsoft Virtual PC for Mac Version 6.1/7.0:
http://www.microsoft.com/mac/downloads.aspx#VPC

Provided and/or discovered by:
The vendor credits Rafal Wojtczuk, McAfee Avert Labs.

Original Advisory:
MS07-049 (KB937986):
http://www.microsoft.com/technet/security/Bulletin/MS07-049.mspx

Microsoft Windows OLE Automation Memory Corruption Vulnerabi
by Marianna Schmudlach / August 14, 2007 5:51 AM PDT

Microsoft Windows OLE Automation Memory Corruption Vulnerability

Secunia Advisory: SA26449
Release Date: 2007-08-14


Critical:
Highly critical
Impact: System access

Where: From remote

Solution Status: Vendor Patch


OS: Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Server
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows XP Professional



Software: Microsoft Office 2004 for Mac
Microsoft Visual Basic 6.x



CVE reference: CVE-2007-2224

Description:
A vulnerability has been reported in Microsoft Windows, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an input validation error in OLE Automation when processing certain script requests. This can be exploited to cause a memory corruption when a user e.g. visits a specially crafted website.

Successful exploitation may allow execution of arbitrary code.

Secunia has constructed the Secunia Software Inspector, which you can use to check if your system is vulnerable:
http://secunia.com/software_inspector/

Solution:
Apply patches.

Windows 2000 SP4:
http://www.microsoft.com/downloads/de...=5c35b6e8-732a-4451-b5d4-23ed63e6e792

Windows XP SP2:
http://www.microsoft.com/downloads/de...=6e8de050-8589-4831-ae19-075c93509485

Windows XP Professional x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/de...=b85bb583-dc61-4d37-b458-208f5bb07ece

Windows Server 2003 SP1/SP2:
http://www.microsoft.com/downloads/de...=15d4d4fa-9bab-4da5-978e-f89c78c8086a

Windows Server 2003 x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/de...=6608d722-3ef8-4085-b771-7b17bb0ba06e

Windows Server 2003 for Itanium-based Systems SP1/SP2:
http://www.microsoft.com/downloads/de...=fc04451a-0696-4a21-b2b6-f02d4e2c33bf

Microsoft Office 2004 for Mac:
http://www.microsoft.com/mac/downloads.aspx#Office2004

Microsoft Visual Basic 6.0 Service Pack 6 (KB924053):
http://www.microsoft.com/downloads/de...=E1646FB0-29D5-4A6E-A8D2-304C4D7735B7

Provided and/or discovered by:
The vendor credits:
* An anonymous researcher, reported via iDefense Labs.
* An anonymous researcher, reported via ZDI.

Original Advisory:
MS07-043 (KB921503):
http://www.microsoft.com/technet/security/Bulletin/MS07-043.mspx

Microsoft XML Core Services Memory Corruption Vulnerability
by Marianna Schmudlach / August 14, 2007 6:08 AM PDT

Secunia Advisory: SA26447
Release Date: 2007-08-14


Critical:
Highly critical
Impact: System access

Where: From remote

Solution Status: Vendor Patch


Software: Microsoft Core XML Services (MSXML) 6.x
Microsoft Office 2003 Professional Edition
Microsoft Office 2003 Small Business Edition
Microsoft Office 2003 Standard Edition
Microsoft Office 2003 Student and Teacher Edition
Microsoft Office 2007
Microsoft Office Groove Server 2007
Microsoft Office SharePoint Server 2007
Microsoft XML Core Services (MSXML) 4.x
Microsoft XML Core Services 3.x

Description:
A vulnerability has been reported in Microsoft XML Core Services, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an input validation error when handling certain script requests. This can be exploited to cause a memory corruption when a user e.g. visits a malicious website.

Successful exploitation may allow execution of arbitrary code.

Solution:
Apply patches.

Microsoft XML Core Services 3.0 for Windows 2000 SP4:
http://www.microsoft.com/downloads/de...=245214ea-76f9-4755-8a14-a74232e20c1c

Microsoft XML Core Services 4.0 for Windows 2000 SP4:
http://www.microsoft.com/downloads/de...=021E12F5-CB46-43DF-A2B8-185639BA2807

Microsoft XML Core Services 6.0 for Windows 2000 SP4:
http://www.microsoft.com/downloads/de...=70C92E77-9E5A-41B1-A9D2-64443913C976

Microsoft XML Core Services 3.0 for Windows XP SP2:
http://www.microsoft.com/downloads/de...=dea6a48f-fb00-43f3-a374-3220f9759c2d

Microsoft XML Core Services 3.0 for Windows XP Professional x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/de...=b8862ca9-1203-4056-a257-29271838ac0d

Microsoft XML Core Services 4.0 for Windows XP SP2
http://www.microsoft.com/downloads/de...=021E12F5-CB46-43DF-A2B8-185639BA2807

Microsoft XML Core Services 4.0 for Windows XP Professional x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/de...=021E12F5-CB46-43DF-A2B8-185639BA2807

Microsoft XML Core Services 6.0 for Windows XP SP2
http://www.microsoft.com/downloads/de...=70C92E77-9E5A-41B1-A9D2-64443913C976

Microsoft XML Core Services 6.0 for Windows XP Professional x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/de...=70C92E77-9E5A-41B1-A9D2-64443913C976

Microsoft XML Core Services 3.0 for Windows Server 2003 SP1/SP2:
http://www.microsoft.com/downloads/de...=12618ad0-aefd-4c9a-a769-4b14a7603d6e

Microsoft XML Core Services 3.0 for Windows Server 2003 x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/de...=61bf00a9-aeea-431a-86d3-526a4a373bb7

Microsoft XML Core Services 3.0 for Windows Server 2003 for Itanium-based systems SP1/SP2:
http://www.microsoft.com/downloads/de...=b0285dd7-bf66-4226-9948-26e8aae99046

Microsoft XML Core Services 4.0 for Windows Server 2003 SP1/SP2:
http://www.microsoft.com/downloads/de...=021E12F5-CB46-43DF-A2B8-185639BA2807

Microsoft XML Core Services 4.0 for Windows Server 2003 x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/de...=021E12F5-CB46-43DF-A2B8-185639BA2807

Microsoft XML Core Services 4.0 for Windows Server 2003 for Itanium-based systems SP1/SP2:
http://www.microsoft.com/downloads/de...=021E12F5-CB46-43DF-A2B8-185639BA2807

Microsoft XML Core Services 6.0 for Windows Server 2003 SP1/SP2:
http://www.microsoft.com/downloads/de...=70C92E77-9E5A-41B1-A9D2-64443913C976

Microsoft XML Core Services 6.0 for Windows Server 2003 x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/de...=70C92E77-9E5A-41B1-A9D2-64443913C976

Microsoft XML Core Services 6.0 for Windows Server 2003 for Itanium-based systems SP1/SP2:
http://www.microsoft.com/downloads/de...=70C92E77-9E5A-41B1-A9D2-64443913C976

Microsoft XML Core Services 3.0 for Windows Vista:
http://www.microsoft.com/downloads/de...=c734d7de-5d87-4904-81c3-714db2cb8b0d

Microsoft XML Core Services 3.0 for Windows Vista x64 Edition:
http://www.microsoft.com/downloads/de...=0a465d77-a737-4d26-82a1-570f9c788a8a

Microsoft XML Core Services 4.0 for Windows Vista:
http://www.microsoft.com/downloads/de...=021E12F5-CB46-43DF-A2B8-185639BA2807

Microsoft XML Core Services 4.0 for Windows Vista x64 Edition:
http://www.microsoft.com/downloads/de...=021E12F5-CB46-43DF-A2B8-185639BA2807

Microsoft XML Core Services 6.0 for Windows Vista:
http://www.microsoft.com/downloads/de...=14270529-3ae5-43bf-a471-722ab010d81e

Microsoft XML Core Services 6.0 for Windows Vista x64 Edition:
http://www.microsoft.com/downloads/de...=928da3d2-b0b9-447a-b37a-4350497fe563

Microsoft XML Core Services 5.0 in Microsoft Office 2003 Service Pack 2:
http://www.microsoft.com/downloads/de...=A339CB7B-E08A-47F8-AC0B-DF449191424A

Microsoft XML Core Services 5.0 in 2007 Microsoft Office System:
http://www.microsoft.com/downloads/de...=7A97478A-832C-4A6B-B074-0E18B1E4ED33

Microsoft XML Core Services 5.0 in Microsoft Office SharePoint Server:
http://www.microsoft.com/downloads/de...=E875613B-2F32-4F28-A635-664A25C95C18

Microsoft XML Core Services 5.0 in Microsoft Office Groove Server 2007:
http://www.microsoft.com/downloads/de...=E875613B-2F32-4F28-A635-664A25C95C18

Provided and/or discovered by:
The vendor credits:
* An anonymous researcher, reported via iDefense Labs
* An anonymous researcher, reported via ZDI

Original Advisory:
MS07-042 (KB936227):
http://www.microsoft.com/technet/security/Bulletin/MS07-042.mspx

Windows Media Player Skin Handling Code Execution Vulnerabil
by Marianna Schmudlach / August 14, 2007 6:10 AM PDT

Windows Media Player Skin Handling Code Execution Vulnerabilities

Secunia Advisory: SA26433
Release Date: 2007-08-14


Critical:
Highly critical
Impact: System access

Where: From remote

Solution Status: Vendor Patch


Software: Microsoft Windows Media Player 10.x
Microsoft Windows Media Player 11.x
Microsoft Windows Media Player 7.x
Microsoft Windows Media Player 9.x

Description:
Two vulnerabilities have been reported in Windows Media Player, which can be exploited by malicious people to compromise a user's system.

1) An error in the parsing of header information in skin files can be exploited to execute arbitrary code on a user's system by tricking the user into opening a malicious skin file.

2) An error in the decompression of skin files can be exploited to execute arbitrary code on a user's system by tricking the user into opening a malicious skin file.

Secunia has constructed the Secunia Software Inspector, which you can use to check if your system is vulnerable:
http://secunia.com/software_inspector/

Solution:
Apply patches.

Windows Media Player 7.1 for Windows 2000 SP4:
http://www.microsoft.com/downloads/de...=9f46b1fc-ee7b-437f-9492-67d003711021

Windows Media Player 9 for Windows 2000 SP4 / Windows XP SP2:
http://www.microsoft.com/downloads/de...bd4a6474-5fde-415e-840e-7d973cb71c95

Windows Media Player 10 for Windows XP SP2:
http://www.microsoft.com/downloads/de...=48f5a9d3-b859-4cb6-a68e-abde76a14782

Windows Media Player 10 for Windows XP Professional X64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/de...=949580be-cbb3-4271-8ca0-0ead7f2d8801

Windows Media Player 10 for Windows Server 2003 SP1/SP2:
http://www.microsoft.com/downloads/de...=8d9f1fdf-6d4c-44d4-9b5f-bdbe8ac28d7f

Windows Media Player 10 for Windows Server 2003 x64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/de...=2c04c7f2-728e-43bd-8574-26e411fcd129

Windows Media Player 11 for Windows XP SP2:
http://www.microsoft.com/downloads/de...=a690d042-1137-4aaf-bd0e-565ea04d1f2b

Windows Media Player 11 for Windows XP Professional X64 Edition (optionally with SP2):
http://www.microsoft.com/downloads/de...=bdc89f34-c1ff-46ab-b52d-c02d51c5c373

Windows Media Player 11 for Windows Vista:
http://www.microsoft.com/downloads/de...=80e5167c-4f75-4ce3-8b15-2f50958deec8

Windows Media Player 11 for Windows Vista x64 Edition:
http://www.microsoft.com/downloads/de...=bf30b714-d6e7-47ea-b79e-84c18370a661

Provided and/or discovered by:
The vendor credits Piotr Bania and ZDI.

Original Advisory:
MS07-047 (KB936782):
http://www.microsoft.com/technet/security/Bulletin/MS07-047.mspx

Microsoft Releases August Security Bulletins
by Marianna Schmudlach / August 14, 2007 6:11 AM PDT

added August 14, 2007 at 02:16 pm | updated August 14, 2007 at 03:06 pm

Microsoft has released updates to address vulnerabilities in Windows, Windows Media Player, Windows Gadgets, Office, Excel, Internet Explorer, Visual Basic, Virtual Server, and Virtual PC as part of the Microsoft Security Bulletin Summary for August 2007.

More information about these vulnerabilities is located in the Vulnerability Notes Database.

US-CERT strongly encourages users to review the bulletins and follow best-practice security policies to determine what updates should be applied.

http://www.us-cert.gov/current/current_activity.html#microsoft_releases_august_security_bulletins

Publicly Available Exploit for Microsoft FlashPix ActiveX Co
by Marianna Schmudlach / August 14, 2007 6:14 AM PDT

Publicly Available Exploit for Microsoft FlashPix ActiveX Control

added August 14, 2007 at 12:53 pm

US-CERT is aware of publicly available exploit code for a buffer overflow vulnerability in the Microsoft DirectX Media 6.0 SDK FlashPix ActiveX control. This vulnerability may allow a remote, unauthenticated attacker to cause a denial-of-service condition or execute arbitrary code on an affected system by convincing a user to view a specially crafted HTML document.

More information can be found in Vulnerability Note VU#466601.

US-CERT encourages users to Disable ActiveX controls as described in the Securing Your Web Browser document.


http://www.us-cert.gov/current/current_activity.html#microsoft_releases_august_security_bulletins

Microsoft Excel rtWnDesk Record Memory Corruption Vulnerabil
by Marianna Schmudlach / August 14, 2007 6:16 AM PDT

Microsoft Excel rtWnDesk Record Memory Corruption Vulnerability

Secunia Advisory: SA26145
Release Date: 2007-08-14

Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch

Software:
Microsoft Excel 2000
Microsoft Excel 2002
Microsoft Excel 2003
Microsoft Excel Viewer 2003
Microsoft Office 2000
Microsoft Office 2003 Professional Edition
Microsoft Office 2003 Small Business Edition
Microsoft Office 2003 Standard Edition
Microsoft Office 2003 Student and Teacher Edition
Microsoft Office 2004 for Mac
Microsoft Office XP

Description:
Secunia Research has discovered a vulnerability in Microsoft Excel, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error when validating an index value in the rtWnDesk record and can be exploited to corrupt memory via a specially crafted Excel Workspace (XLW) file.

Successful exploitation may allow execution of arbitrary code.

Other unspecified security issues discovered internally by Microsoft have also been reported.

Solution:
Apply patches.

Microsoft Office 2000 SP3:
http://www.microsoft.com/downloads/de...082B98F7-9556-4F1F-823A-C41DDF5A7C9A

Microsoft Office XP SP3:
http://www.microsoft.com/downloads/de...=91308769-2577-4F9F-8209-06F2C8C8A86F

Microsoft Office 2003 SP2:
http://www.microsoft.com/downloads/de...=B0130E9E-8845-4D79-AAA1-A21CC9388ABE

Microsoft Excel Viewer 2003:
http://www.microsoft.com/downloads/de...=C4A87572-3128-44F7-8069-95535A78500A

Microsoft Office 2004 for Mac:
http://www.microsoft.com/mac/downloads.aspx#Office2004

Provided and/or discovered by:
Dyon Balding, Secunia Research.

Original Advisory:
MS07-044 (KB940965):
http://www.microsoft.com/technet/security/Bulletin/MS07-044.mspx

Microsoft Windows Vector Markup Language Buffer Overflow
by Marianna Schmudlach / August 14, 2007 6:50 AM PDT

TITLE:
Microsoft Windows Vector Markup Language Buffer Overflow

SECUNIA ADVISORY ID:
SA26409

VERIFY ADVISORY:
http://secunia.com/advisories/26409/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

OPERATING SYSTEM:
Microsoft Windows 2000 Professional
http://secunia.com/product/1/
Microsoft Windows 2000 Datacenter Server
http://secunia.com/product/1177/
Microsoft Windows 2000 Advanced Server
http://secunia.com/product/21/
Microsoft Windows 2000 Server
http://secunia.com/product/20/
Microsoft Windows XP Home Edition
http://secunia.com/product/16/
Microsoft Windows XP Professional
http://secunia.com/product/22/
Microsoft Windows Server 2003 Datacenter Edition
http://secunia.com/product/1175/
Microsoft Windows Server 2003 Enterprise Edition
http://secunia.com/product/1174/
Microsoft Windows Server 2003 Standard Edition
http://secunia.com/product/1173/
Microsoft Windows Server 2003 Web Edition
http://secunia.com/product/1176/
Microsoft Windows Storage Server 2003
http://secunia.com/product/12399/
Microsoft Windows Vista
http://secunia.com/product/13223/

SOFTWARE:
Microsoft Internet Explorer 5.01
http://secunia.com/product/9/
Microsoft Internet Explorer 6.x
http://secunia.com/product/11/
Microsoft Internet Explorer 7.x
http://secunia.com/product/12366/

DESCRIPTION:
A vulnerability has been reported in Microsoft Windows, which can be
exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error in the Vector
Markup Language (VML) implementation (vgx.dll). This can be exploited
to cause a buffer overflow during the VML rendering when a user e.g.
visits a malicious website using Internet Explorer.

Successful exploitation may allow execution of arbitrary code.

SOLUTION:
Apply patches.

Internet Explorer 5.01 SP4 for Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=31E63D6F-B6B7-41D7-8AE6-DD7FCF89D477

Internet Explorer 6 SP1 for Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=7099D33A-0EF6-423F-824E-757482517612

Internet Explorer 6 for Windows XP SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=4447D74F-09EA-4BE0-9DAE-C243CE657FB7

Internet Explorer 6 for Windows XP Professional x64 Edition
(optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=98CCD207-F4D0-4625-AEAB-0EBF1643A5FD

Internet Explorer 6 for Windows Server 2003 SP1/SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=463535AA-E04E-4A30-B3AB-8CD6D8CDD13C

Internet Explorer 6 for Windows Server 2003 x64 Edition (optionally
with SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=9D4375D4-FB9B-4771-BD6F-E5D23EEDBC6B

Internet Explorer 6 for Windows Server 2003 for Itanium-based systems
SP1/SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=C7BE313B-3405-42E1-9E4B-0CB6BF3D2CB1

Internet Explorer 7 for Windows XP SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=9F5DA816-194C-478E-8A96-9421A0C52C9F

Internet Explorer 7 for Windows XP Professional x64 Edition
(optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=1C3168A9-D959-4137-868A-EC70DA737C21

Internet Explorer 7 for Windows Server 2003 SP1/SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=59884E97-4912-4A9A-8A31-8182EA2D24DB

Internet Explorer 7 for Windows Server 2003 x64 Edition (optionally
with SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=42060E27-DE14-4D0C-92A0-138CB57FE2B5

Internet Explorer 7 for Windows Server 2003 with SP1/SP2 for
Itanium-based systems:
http://www.microsoft.com/downloads/details.aspx?FamilyId=A536206E-9D1B-49A8-81A1-53D46F2DE973

Internet Explorer 7 for Windows Vista:
http://www.microsoft.com/downloads/details.aspx?FamilyId=2DD908A4-6152-4976-AAAA-01F5F37C9143

Internet Explorer 7 for Windows Vista x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=592435BC-1D43-4544-BD8A-4A2D829DC1A1

PROVIDED AND/OR DISCOVERED BY:
The vendor credits eEye Digital Security.

ORIGINAL ADVISORY:
MS07-050 (KB938127):
http://www.microsoft.com/technet/security/Bulletin/MS07-050.mspx

Microsoft Windows Vista Gadgets Code Execution Vulnerabiliti
by Marianna Schmudlach / August 14, 2007 6:52 AM PDT

TITLE:
Microsoft Windows Vista Gadgets Code Execution Vulnerabilities

SECUNIA ADVISORY ID:
SA26439

VERIFY ADVISORY:
http://secunia.com/advisories/26439/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

OPERATING SYSTEM:
Microsoft Windows Vista
http://secunia.com/product/13223/

DESCRIPTION:
Three vulnerabilities have been reported in Microsoft Windows Vista,
which can be exploited by malicious people to compromise a user's
system.

1) An error in the Feed Headlines gadget when parsing HTML attributes
can be exploited to execute arbitrary code via a specially crafted RSS
post.

Successful exploitation requires that a user e.g. is tricked into
subscribing to a malicious RSS feed in the Feed Headlines gadget
using Internet Explorer.

2) An error in the Contacts Gadget when processing contacts can be
exploited to execute arbitrary code when selecting a
specially-crafted contact or if it is the first contact in the list.

Successful exploitation requires that a user e.g. is tricked into
adding or importing a malicious contact into the Contacts Gadget (not
enabled by default).

3) An error in the Weather Gadget when processing HTML attributes can
be exploited to execute arbitrary code when a user e.g. clicks on a
link on the affected gadget.

Successful exploitation requires a MitM (Man-in-the-Middle) attack
and that the links are visible in the Weather Gadget by dragging and
dropping the gadget on the desktop.

SOLUTION:
Apply patches.

Windows Vista:
http://www.microsoft.com/downloads/details.aspx?FamilyId=49a5bd84-da71-4529-b4d3-ac57dab59e01

Windows Vista x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=24443f59-b908-480b-9b72-7094d4b5e128

PROVIDED AND/OR DISCOVERED BY:
1) The vendor credits Aviv Raff, reported via iDefense Labs.
2) The vendor credits Aviv Raff, Finjan.
3) Reported by the vendor.

ORIGINAL ADVISORY:
MS07-048 (KB938123):
http://www.microsoft.com/technet/security/Bulletin/MS07-048.mspx

Windows Graphics Rendering Engine Image Handling Vulnerabili
by Marianna Schmudlach / August 14, 2007 6:54 AM PDT

TITLE:
Windows Graphics Rendering Engine Image Handling Vulnerability

SECUNIA ADVISORY ID:
SA26423

VERIFY ADVISORY:
http://secunia.com/advisories/26423/

CRITICAL:
Highly critical

IMPACT:
DoS, System access

WHERE:
From remote

OPERATING SYSTEM:
Microsoft Windows 2000 Advanced Server
http://secunia.com/product/21/
Microsoft Windows 2000 Datacenter Server
http://secunia.com/product/1177/
Microsoft Windows 2000 Professional
http://secunia.com/product/1/
Microsoft Windows 2000 Server
http://secunia.com/product/20/
Microsoft Windows XP Home Edition
http://secunia.com/product/16/
Microsoft Windows XP Professional
http://secunia.com/product/22/
Microsoft Windows Server 2003 Datacenter Edition
http://secunia.com/product/1175/
Microsoft Windows Server 2003 Enterprise Edition
http://secunia.com/product/1174/
Microsoft Windows Server 2003 Standard Edition
http://secunia.com/product/1173/
Microsoft Windows Server 2003 Web Edition
http://secunia.com/product/1176/
Microsoft Windows Storage Server 2003
http://secunia.com/product/12399/

DESCRIPTION:
A vulnerability has been reported in Microsoft Windows, which
potentially can be exploited by malicious people to compromise a
user's system.

The vulnerability is caused due to a boundary error in the graphics
rendering engine when parsing images.

Successful exploitation may allow execution of arbitrary code if a
user e.g. opens a specially crafted attachment in an e-mail.

SOLUTION:
Apply patches.

Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=8fc8340b-c2b3-4559-835c-caa00cf086b9

Windows XP SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=dc29475d-c0bb-4d35-8dd6-4ca1cac32315

Windows XP Professional x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=3c81730a-981a-4649-b2d9-45144230d512

Windows Server 2003 SP1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=5374583d-de68-4d65-bca8-598d6b98b8b3

Windows Server 2003 x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=c3359f27-e03e-4a4f-b896-3bda39f69f7e

Windows Server 2003 with SP1 for Itanium-based systems:
http://www.microsoft.com/downloads/details.aspx?FamilyId=92822479-2060-4357-a340-ed096f180b2b

PROVIDED AND/OR DISCOVERED BY:
The vendor credits eEye Digital Security.

ORIGINAL ADVISORY:
MS07-046 (KB938829):
http://www.microsoft.com/technet/security/Bulletin/MS07-046.mspx

Microsoft Internet Explorer Multiple Vulnerabilities
by Marianna Schmudlach / August 14, 2007 7:31 AM PDT

TITLE:
Microsoft Internet Explorer Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA26419

VERIFY ADVISORY:
http://secunia.com/advisories/26419/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Microsoft Internet Explorer 5.01
http://secunia.com/product/9/
Microsoft Internet Explorer 6.x
http://secunia.com/product/11/
Microsoft Internet Explorer 7.x
http://secunia.com/product/12366/

DESCRIPTION:
Some vulnerabilities have been reported in Internet Explorer, which
can be exploited by malicious people to compromise a user's system.

1) An error when parsing certain CSS strings can be exploited to
cause a memory corruption when a user e.g. visits a malicious
website.

Successful exploitation may allow execution of arbitrary code.

2) The tblinf32.dll or vstlbinf.dll ActiveX control implements
IObjectsafety incorrectly, which can be exploited to execute
arbitrary code when a user e.g. visits a malicious website.

3) An error in the pdwizard.ocx ActiveX control can be exploited to
cause a memory corruption when a user e.g. visits a malicious
website.

Successful exploitation may allow execution of arbitrary code.

SOLUTION:
Apply patches.

Internet Explorer 5.01 SP4 for Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=FCF9440F-BB36-4ED1-9B6B-74A4F055650B

Internet Explorer 6 SP1 for Windows 2000 SP4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=8DB75461-4DCA-43DB-AA30-C7E67CE954AD

Internet Explorer 6 for Windows XP SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=5D31D916-867F-4DBF-B8A4-C75EA83F4F51

Internet Explorer 6 for Windows XP Professional x64 Edition
(optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=B15B2442-D6DA-41DD-A424-11C9893BE595

Internet Explorer 6 for Windows Server 2003 SP1/SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=F2F9FB69-0399-4DF0-9F5B-8F42A130C581

Internet Explorer 6 for Windows Server 2003 x64 Edition (optionally
with SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=D0BD886D-2C80-4DD7-82B7-1BD1F8D398CC

Internet Explorer 6 for Windows Server 2003 for Itanium-based Systems
SP1/SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=BF41033A-D6F0-451E-9B69-4CBE2BB3F804

Internet Explorer 7 for Windows XP SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=7A2B4395-EABA-45EC-8D0C-932EBCC3D344

Internet Explorer 7 for Windows XP Professional x64 Edition
(optionally with SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=CD7ED4D5-7790-41DB-8B68-CFD59105CA36

Internet Explorer 7 for Windows Server 2003 SP1/SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=4F8DAED8-9925-494D-B2F5-1E29F4040F6A

Internet Explorer 7 for Windows Server 2003 x64 Edition (optionally
with SP2):
http://www.microsoft.com/downloads/details.aspx?FamilyId=34669CA2-46B0-4FBF-8FBD-AD7A13920103

Internet Explorer 7 for Windows Server 2003 for Itanium-based Systems
SP1/SP2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=5BD7BCBD-528A-4A16-A39A-A5FF5F69A2E2

Internet Explorer 7 for Windows Vista:
http://www.microsoft.com/downloads/details.aspx?FamilyId=9AE27B2F-ACA4-4758-8CE4-A98F1FF6BA70

Internet Explorer 7 for Windows Vista x64 Edition:
http://www.microsoft.com/downloads/details.aspx?FamilyId=53497E53-D10C-43AF-AD56-9F07739A5284

PROVIDED AND/OR DISCOVERED BY:
The vendor credits:
1) NSFocus Security Team
2) Brett Moore, Security-Assessment.com

ORIGINAL ADVISORY:
MS07-045 (KB937143):
http://www.microsoft.com/technet/security/Bulletin/MS07-045.mspx
