Overview
» IDS/IPS Signatures
Security Sites
Products
White Papers
Data Sheets
Case Studies
Support Login
Locate a Partner
iPolicy Networks Security Advisory
 

Microsoft Internet Explorer Multiple Vulnerabilities
Date Discovered: 02/13/2007
Severity: High
Applications Affected: Internet Explorer 5.01 SP 4 on Windows 2000 SP 4
Internet Explorer 6 SP 1 when installed on Windows 2000 SP 4
Internet Explorer 6 for Windows XP SP 2
Internet Explorer 6 for Windows Server 2003 and Windows Server 2003 SP 1
Synopsis
There exists multiple remote code execution vulnerabilities in Microsoft Internet Explorer.
Recommended Actions
Update the patches as guided by vendor at :
http://www.microsoft.com/technet/security/bulletin/ms07-016.mspx

Threat Analysis
Windows Internet Explorer (previously known as Microsoft Internet Explorer, abbreviated IE or MSIE) is a proprietary graphical web browser developed by Microsoft and included as part of the Microsoft Windows line of operating systems.
The first two flaws is due to ,When Internet Explorer tries to instantiate certain COM objects as ActiveX controls, the COM objects may corrupt the system state in such a way that an attacker could execute arbitrary code.An attacker who successfully exploited this vulnerability could gain the same user rights as the local user.
The third flaw is due to When Internet Explorer handles specially crafted FTP server responses it may corrupt system memory in such a way that an attacker could execute arbitrary code.An attacker who successfully exploited these vulnerabilities could gain the same user rights as the local user.
References

http://www.microsoft.com/technet/security/bulletin/ms07-016.mspx
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0219
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4697
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0217
Write-up by: Nataraj Vasam
Security Sites
 
“iPolicy is one of the most visionary firewall vendors in the firewall Magic Quadrant. Its architecture of a central session processing engine and multiple content blades that are able to block based on signatures, rules and so on is the closest to the network security ideal.”
 
Greg Young, John Pescatore
Magic Quadrant for Network Firewalls, 2H04, Gartner
 

 
Home | About Us | Products | Technology | Solutions | Support | Partners | News & Events | Resources | Contact Us
Copyright ©2008 iPolicy Networks - Security Products Division of Tech Mahindra Limited | Privacy Policy | Site Map