BNLug - Microsoft Internet Explorer Prototype Variable Uninitialized Memory Corruption Vulnerability

Microsoft Internet Explorer Prototype Variable Uninitialized Memory Corruption Vulnerability

TITLE: Microsoft Internet Explorer Prototype Variable Uninitialized Memory Corruption Vulnerability
CLASS: Unknown
CVE: CVE-2007-1751

REMOTE: Yes
LOCAL: No
PUBLISHED: Jun 12 2007 12:00AM
UPDATE: Jun 18 2007 07:59PM
CREDIT: Sam Thomas working with Tipping Point and the Zero Day Initiative is credited with discovering this issue.
VULNERABLE:

Nortel Networks Centrex IP Client Manager 8.0
Nortel Networks Centrex IP Client Manager 7.0
Nortel Networks Centrex IP Client Manager 9.0
Nortel Networks Centrex IP Client Manager
Microsoft Internet Explorer 6.0 SP1
Microsoft Internet Explorer 6.0
-Citrix ICA Client for Windows 4.0 SP6a
-Microsoft Windows 2000 Advanced Server SP2
-Microsoft Windows 2000 Advanced Server SP2
-Microsoft Windows 2000 Advanced Server SP1
-Microsoft Windows 2000 Advanced Server SP1
-Microsoft Windows 2000 Advanced Server
-Microsoft Windows 2000 Advanced Server
-Microsoft Windows 2000 Datacenter Server SP2
-Microsoft Windows 2000 Datacenter Server SP2
-Microsoft Windows 2000 Datacenter Server SP1
-Microsoft Windows 2000 Datacenter Server SP1
-Microsoft Windows 2000 Datacenter Server
-Microsoft Windows 2000 Datacenter Server
-Microsoft Windows 2000 Professional SP2
-Microsoft Windows 2000 Professional SP2
-Microsoft Windows 2000 Professional SP1
-Microsoft Windows 2000 Professional SP1
-Microsoft Windows 2000 Professional
-Microsoft Windows 2000 Professional
-Microsoft Windows 2000 Server SP2
-Microsoft Windows 2000 Server SP2
-Microsoft Windows 2000 Server SP1
-Microsoft Windows 2000 Server SP1
-Microsoft Windows 2000 Server
-Microsoft Windows 2000 Server
-Microsoft Windows 2000 Terminal Services SP2
-Microsoft Windows 2000 Terminal Services SP2
-Microsoft Windows 2000 Terminal Services SP1
-Microsoft Windows 2000 Terminal Services SP1
-Microsoft Windows 2000 Terminal Services
-Microsoft Windows 2000 Terminal Services
-Microsoft Windows 98
-Microsoft Windows 98
-Microsoft Windows 98SE
-Microsoft Windows 98SE
-Microsoft Windows ME
-Microsoft Windows ME
-Microsoft Windows NT 4.0 SP6a
-Microsoft Windows NT Enterprise Server 4.0 SP6a
-Microsoft Windows NT Enterprise Server 4.0 SP6a
-Microsoft Windows NT Server 4.0 SP6a
-Microsoft Windows NT Server 4.0 SP6a
-Microsoft Windows NT Workstation 4.0 SP6a
-Microsoft Windows NT Workstation 4.0 SP6a
+ Microsoft Windows Server 2003 Datacenter Edition
+ Microsoft Windows Server 2003 Datacenter Edition
+ Microsoft Windows Server 2003 Datacenter Edition Itanium 0
+ Microsoft Windows Server 2003 Enterprise Edition
+ Microsoft Windows Server 2003 Enterprise Edition
+ Microsoft Windows Server 2003 Enterprise Edition Itanium 0
+ Microsoft Windows Server 2003 Enterprise Edition Itanium 0
+ Microsoft Windows Server 2003 Standard Edition
+ Microsoft Windows Server 2003 Standard Edition
+ Microsoft Windows Server 2003 Web Edition
+ Microsoft Windows Server 2003 Web Edition
+ Microsoft Windows XP Home
+ Microsoft Windows XP Home
+ Microsoft Windows XP Professional
+ Microsoft Windows XP Professional
Microsoft Internet Explorer 5.0.1 SP4
-Microsoft Windows 2000 Advanced Server SP4
-Microsoft Windows 2000 Datacenter Server SP4
-Microsoft Windows 2000 Professional SP4
-Microsoft Windows 2000 Server SP4
Microsoft Internet Explorer 5.0.1 SP3
Microsoft Internet Explorer 5.0.1 SP2
-Citrix ICA Client for Windows 4.0 SP6a
-Microsoft Windows 2000 Advanced Server SP2
-Microsoft Windows 2000 Advanced Server SP2
-Microsoft Windows 2000 Advanced Server SP1
-Microsoft Windows 2000 Advanced Server SP1
-Microsoft Windows 2000 Advanced Server
-Microsoft Windows 2000 Advanced Server
-Microsoft Windows 2000 Datacenter Server SP2
-Microsoft Windows 2000 Datacenter Server SP2
-Microsoft Windows 2000 Datacenter Server SP1
-Microsoft Windows 2000 Datacenter Server SP1
-Microsoft Windows 2000 Datacenter Server
-Microsoft Windows 2000 Datacenter Server
-Microsoft Windows 2000 Professional SP2
-Microsoft Windows 2000 Professional SP2
-Microsoft Windows 2000 Professional SP1
-Microsoft Windows 2000 Professional SP1
-Microsoft Windows 2000 Professional
-Microsoft Windows 2000 Professional
-Microsoft Windows 2000 Server SP2
-Microsoft Windows 2000 Server SP2
-Microsoft Windows 2000 Server SP1
-Microsoft Windows 2000 Server SP1
-Microsoft Windows 2000 Server
-Microsoft Windows 2000 Server
-Microsoft Windows 2000 Terminal Services SP2
-Microsoft Windows 2000 Terminal Services SP2
-Microsoft Windows 2000 Terminal Services SP1
-Microsoft Windows 2000 Terminal Services SP1
-Microsoft Windows 2000 Terminal Services
-Microsoft Windows 2000 Terminal Services
-Microsoft Windows 95
-Microsoft Windows 95
-Microsoft Windows 98
-Microsoft Windows 98
-Microsoft Windows NT 4.0 SP6a
-Microsoft Windows NT 4.0 SP6
-Microsoft Windows NT 4.0 SP5
-Microsoft Windows NT 4.0 SP4
-Microsoft Windows NT 4.0 SP3
-Microsoft Windows NT Enterprise Server 4.0 SP6a
-Microsoft Windows NT Enterprise Server 4.0 SP6a
-Microsoft Windows NT Enterprise Server 4.0 SP6
-Microsoft Windows NT Enterprise Server 4.0 SP6
-Microsoft Windows NT Enterprise Server 4.0 SP5
-Microsoft Windows NT Enterprise Server 4.0 SP5
-Microsoft Windows NT Enterprise Server 4.0 SP4
-Microsoft Windows NT Enterprise Server 4.0 SP4
-Microsoft Windows NT Enterprise Server 4.0 SP3
-Microsoft Windows NT Enterprise Server 4.0 SP3
-Microsoft Windows NT Enterprise Server 4.0 SP2
-Microsoft Windows NT Enterprise Server 4.0 SP2
-Microsoft Windows NT Enterprise Server 4.0 SP1
-Microsoft Windows NT Enterprise Server 4.0 SP1
-Microsoft Windows NT Enterprise Server 4.0
-Microsoft Windows NT Enterprise Server 4.0
-Microsoft Windows NT Server 4.0 SP6a
-Microsoft Windows NT Server 4.0 SP6a
-Microsoft Windows NT Server 4.0 SP6
-Microsoft Windows NT Server 4.0 SP6
-Microsoft Windows NT Server 4.0 SP5
-Microsoft Windows NT Server 4.0 SP5
-Microsoft Windows NT Server 4.0 SP4
-Microsoft Windows NT Server 4.0 SP4
-Microsoft Windows NT Server 4.0 SP3
-Microsoft Windows NT Server 4.0 SP3
-Microsoft Windows NT Server 4.0 SP2
-Microsoft Windows NT Server 4.0 SP2
-Microsoft Windows NT Server 4.0 SP1
-Microsoft Windows NT Server 4.0 SP1
-Microsoft Windows NT Server 4.0
-Microsoft Windows NT Server 4.0
-Microsoft Windows NT Terminal Server 4.0 SP6
-Microsoft Windows NT Terminal Server 4.0 SP6
-Microsoft Windows NT Terminal Server 4.0 SP5
-Microsoft Windows NT Terminal Server 4.0 SP5
-Microsoft Windows NT Terminal Server 4.0 SP4
-Microsoft Windows NT Terminal Server 4.0 SP4
-Microsoft Windows NT Terminal Server 4.0 SP3
-Microsoft Windows NT Terminal Server 4.0 SP3
-Microsoft Windows NT Terminal Server 4.0 SP2
-Microsoft Windows NT Terminal Server 4.0 SP2
-Microsoft Windows NT Terminal Server 4.0 SP1
-Microsoft Windows NT Terminal Server 4.0 SP1
-Microsoft Windows NT Terminal Server 4.0
-Microsoft Windows NT Terminal Server 4.0
-Microsoft Windows NT Workstation 4.0 SP6a
-Microsoft Windows NT Workstation 4.0 SP6
-Microsoft Windows NT Workstation 4.0 SP6
-Microsoft Windows NT Workstation 4.0 SP5
-Microsoft Windows NT Workstation 4.0 SP5
-Microsoft Windows NT Workstation 4.0 SP4
-Microsoft Windows NT Workstation 4.0 SP4
-Microsoft Windows NT Workstation 4.0 SP3
-Microsoft Windows NT Workstation 4.0 SP3
-Microsoft Windows NT Workstation 4.0 SP2
-Microsoft Windows NT Workstation 4.0 SP2
-Microsoft Windows NT Workstation 4.0 SP1
-Microsoft Windows NT Workstation 4.0 SP1
-Microsoft Windows NT Workstation 4.0
-Microsoft Windows NT Workstation 4.0
Microsoft Internet Explorer 5.0.1 SP1
-Citrix ICA Client for Windows 4.0 SP6a
-Microsoft Windows 2000 Advanced Server SP2
-Microsoft Windows 2000 Advanced Server SP2
-Microsoft Windows 2000 Advanced Server SP1
-Microsoft Windows 2000 Advanced Server SP1
-Microsoft Windows 2000 Advanced Server
-Microsoft Windows 2000 Advanced Server
-Microsoft Windows 2000 Datacenter Server SP2
-Microsoft Windows 2000 Datacenter Server SP2
-Microsoft Windows 2000 Datacenter Server SP1
-Microsoft Windows 2000 Datacenter Server SP1
-Microsoft Windows 2000 Datacenter Server
-Microsoft Windows 2000 Datacenter Server
-Microsoft Windows 2000 Professional SP2
-Microsoft Windows 2000 Professional SP2
-Microsoft Windows 2000 Professional SP1
-Microsoft Windows 2000 Professional SP1
-Microsoft Windows 2000 Professional
-Microsoft Windows 2000 Professional
-Microsoft Windows 2000 Server SP2
-Microsoft Windows 2000 Server SP2
-Microsoft Windows 2000 Server SP1
-Microsoft Windows 2000 Server SP1
-Microsoft Windows 2000 Server
-Microsoft Windows 2000 Server
-Microsoft Windows 2000 Terminal Services SP2
-Microsoft Windows 2000 Terminal Services SP2
-Microsoft Windows 2000 Terminal Services SP1
-Microsoft Windows 2000 Terminal Services SP1
-Microsoft Windows 2000 Terminal Services
-Microsoft Windows 2000 Terminal Services
-Microsoft Windows 95
-Microsoft Windows 95
-Microsoft Windows 98
-Microsoft Windows 98
-Microsoft Windows NT 4.0 SP6a
-Microsoft Windows NT 4.0 SP6
-Microsoft Windows NT 4.0 SP5
-Microsoft Windows NT 4.0 SP4
-Microsoft Windows NT 4.0 SP3
-Microsoft Windows NT Enterprise Server 4.0 SP6a
-Microsoft Windows NT Enterprise Server 4.0 SP6a
-Microsoft Windows NT Enterprise Server 4.0 SP6
-Microsoft Windows NT Enterprise Server 4.0 SP6
-Microsoft Windows NT Enterprise Server 4.0 SP5
-Microsoft Windows NT Enterprise Server 4.0 SP5
-Microsoft Windows NT Enterprise Server 4.0 SP4
-Microsoft Windows NT Enterprise Server 4.0 SP4
-Microsoft Windows NT Enterprise Server 4.0 SP3
-Microsoft Windows NT Enterprise Server 4.0 SP3
-Microsoft Windows NT Enterprise Server 4.0 SP2
-Microsoft Windows NT Enterprise Server 4.0 SP2
-Microsoft Windows NT Enterprise Server 4.0 SP1
-Microsoft Windows NT Enterprise Server 4.0 SP1
-Microsoft Windows NT Enterprise Server 4.0
-Microsoft Windows NT Enterprise Server 4.0
-Microsoft Windows NT Server 4.0 SP6a
-Microsoft Windows NT Server 4.0 SP6a
-Microsoft Windows NT Server 4.0 SP6
-Microsoft Windows NT Server 4.0 SP6
-Microsoft Windows NT Server 4.0 SP5
-Microsoft Windows NT Server 4.0 SP5
-Microsoft Windows NT Server 4.0 SP4
-Microsoft Windows NT Server 4.0 SP4
-Microsoft Windows NT Server 4.0 SP3
-Microsoft Windows NT Server 4.0 SP3
-Microsoft Windows NT Server 4.0 SP2
-Microsoft Windows NT Server 4.0 SP2
-Microsoft Windows NT Server 4.0 SP1
-Microsoft Windows NT Server 4.0 SP1
-Microsoft Windows NT Server 4.0
-Microsoft Windows NT Server 4.0
-Microsoft Windows NT Terminal Server 4.0 SP6
-Microsoft Windows NT Terminal Server 4.0 SP6
-Microsoft Windows NT Terminal Server 4.0 SP5
-Microsoft Windows NT Terminal Server 4.0 SP5
-Microsoft Windows NT Terminal Server 4.0 SP4
-Microsoft Windows NT Terminal Server 4.0 SP4
-Microsoft Windows NT Terminal Server 4.0 SP3
-Microsoft Windows NT Terminal Server 4.0 SP3
-Microsoft Windows NT Terminal Server 4.0 SP2
-Microsoft Windows NT Terminal Server 4.0 SP2
-Microsoft Windows NT Terminal Server 4.0 SP1
-Microsoft Windows NT Terminal Server 4.0 SP1
-Microsoft Windows NT Terminal Server 4.0
-Microsoft Windows NT Terminal Server 4.0
-Microsoft Windows NT Workstation 4.0 SP6a
-Microsoft Windows NT Workstation 4.0 SP6
-Microsoft Windows NT Workstation 4.0 SP6
-Microsoft Windows NT Workstation 4.0 SP5
-Microsoft Windows NT Workstation 4.0 SP5
-Microsoft Windows NT Workstation 4.0 SP4
-Microsoft Windows NT Workstation 4.0 SP4
-Microsoft Windows NT Workstation 4.0 SP3
-Microsoft Windows NT Workstation 4.0 SP3
-Microsoft Windows NT Workstation 4.0 SP2
-Microsoft Windows NT Workstation 4.0 SP2
-Microsoft Windows NT Workstation 4.0 SP1
-Microsoft Windows NT Workstation 4.0 SP1
-Microsoft Windows NT Workstation 4.0
-Microsoft Windows NT Workstation 4.0
Microsoft Internet Explorer 5.0.1
-Citrix ICA Client for Windows 4.0 SP6a
-Microsoft Windows 2000 Advanced Server SP2
-Microsoft Windows 2000 Advanced Server SP2
-Microsoft Windows 2000 Advanced Server SP1
-Microsoft Windows 2000 Advanced Server SP1
-Microsoft Windows 2000 Advanced Server
-Microsoft Windows 2000 Advanced Server
-Microsoft Windows 2000 Datacenter Server SP2
-Microsoft Windows 2000 Datacenter Server SP2
-Microsoft Windows 2000 Datacenter Server SP1
-Microsoft Windows 2000 Datacenter Server SP1
-Microsoft Windows 2000 Datacenter Server
-Microsoft Windows 2000 Datacenter Server
-Microsoft Windows 2000 Professional SP2
-Microsoft Windows 2000 Professional SP2
-Microsoft Windows 2000 Professional SP1
-Microsoft Windows 2000 Professional SP1
-Microsoft Windows 2000 Professional
-Microsoft Windows 2000 Professional
-Microsoft Windows 2000 Server SP2
-Microsoft Windows 2000 Server SP2
-Microsoft Windows 2000 Server SP1
-Microsoft Windows 2000 Server SP1
-Microsoft Windows 2000 Server
-Microsoft Windows 2000 Server
-Microsoft Windows 2000 Terminal Services SP2
-Microsoft Windows 2000 Terminal Services SP2
-Microsoft Windows 2000 Terminal Services SP1
-Microsoft Windows 2000 Terminal Services SP1
-Microsoft Windows 2000 Terminal Services
-Microsoft Windows 2000 Terminal Services
-Microsoft Windows 95
-Microsoft Windows 95
-Microsoft Windows 98
-Microsoft Windows 98
-Microsoft Windows 98SE
-Microsoft Windows 98SE
+ Microsoft Windows ME
-Microsoft Windows NT 4.0 SP6a
-Microsoft Windows NT 4.0 SP6
-Microsoft Windows NT 4.0 SP5
-Microsoft Windows NT 4.0 SP4
-Microsoft Windows NT 4.0 SP3
-Microsoft Windows NT Enterprise Server 4.0 SP6a
-Microsoft Windows NT Enterprise Server 4.0 SP6a
-Microsoft Windows NT Enterprise Server 4.0 SP6
-Microsoft Windows NT Enterprise Server 4.0 SP6
-Microsoft Windows NT Enterprise Server 4.0 SP5
-Microsoft Windows NT Enterprise Server 4.0 SP5
-Microsoft Windows NT Enterprise Server 4.0 SP4
-Microsoft Windows NT Enterprise Server 4.0 SP4
-Microsoft Windows NT Enterprise Server 4.0 SP3
-Microsoft Windows NT Enterprise Server 4.0 SP3
-Microsoft Windows NT Server 4.0 SP6a
-Microsoft Windows NT Server 4.0 SP6a
-Microsoft Windows NT Server 4.0 SP6
-Microsoft Windows NT Server 4.0 SP6
-Microsoft Windows NT Server 4.0 SP5
-Microsoft Windows NT Server 4.0 SP5
-Microsoft Windows NT Server 4.0 SP4
-Microsoft Windows NT Server 4.0 SP4
-Microsoft Windows NT Server 4.0 SP3
-Microsoft Windows NT Server 4.0 SP3
-Microsoft Windows NT Terminal Server 4.0 SP6
-Microsoft Windows NT Terminal Server 4.0 SP6
-Microsoft Windows NT Terminal Server 4.0 SP5
-Microsoft Windows NT Terminal Server 4.0 SP5
-Microsoft Windows NT Terminal Server 4.0 SP4
-Microsoft Windows NT Terminal Server 4.0 SP4
-Microsoft Windows NT Terminal Server 4.0 SP3
-Microsoft Windows NT Terminal Server 4.0 SP3
-Microsoft Windows NT Workstation 4.0 SP6a
-Microsoft Windows NT Workstation 4.0 SP6
-Microsoft Windows NT Workstation 4.0 SP6
-Microsoft Windows NT Workstation 4.0 SP5
-Microsoft Windows NT Workstation 4.0 SP5
-Microsoft Windows NT Workstation 4.0 SP4
-Microsoft Windows NT Workstation 4.0 SP4
-Microsoft Windows NT Workstation 4.0 SP3
-Microsoft Windows NT Workstation 4.0 SP3
Microsoft Internet Explorer 5.0.1
Microsoft Internet Explorer 5.0
-Microsoft Windows 2000 Professional SP2
-Microsoft Windows 2000 Professional SP2
-Microsoft Windows 2000 Professional SP1
-Microsoft Windows 2000 Professional SP1
-Microsoft Windows 2000 Professional SP1
-Microsoft Windows 2000 Professional
-Microsoft Windows 2000 Professional
-Microsoft Windows 2000 Professional
-Microsoft Windows 95
-Microsoft Windows 95
-Microsoft Windows 95
-Microsoft Windows 98
-Microsoft Windows 98
-Microsoft Windows 98
+ Microsoft Windows 98SE
+ Microsoft Windows 98SE
+ Microsoft Windows 98SE
-Microsoft Windows NT 4.0 SP6a
-Microsoft Windows NT 4.0 SP6a
-Microsoft Windows NT 4.0 SP6a
-Microsoft Windows NT 4.0 SP6
-Microsoft Windows NT 4.0 SP6
-Microsoft Windows NT 4.0 SP6
-Microsoft Windows NT 4.0 SP5
-Microsoft Windows NT 4.0 SP5
-Microsoft Windows NT 4.0 SP5
-Microsoft Windows NT 4.0 SP4
-Microsoft Windows NT 4.0 SP4
-Microsoft Windows NT 4.0 SP4
-Microsoft Windows NT 4.0 SP3
-Microsoft Windows NT 4.0 SP3
-Microsoft Windows NT 4.0 SP3
Microsoft Internet Explorer 7.0
+ Microsoft Windows Vista Ultimate
+ Microsoft Windows Vista Ultimate
+ Microsoft Windows Vista Home Premium
+ Microsoft Windows Vista Home Premium
+ Microsoft Windows Vista Home Basic
+ Microsoft Windows Vista Home Basic
+ Microsoft Windows Vista Enterprise
+ Microsoft Windows Vista Enterprise
+ Microsoft Windows Vista Business
+ Microsoft Windows Vista Business
+ Microsoft Windows Vista 0
+ Microsoft Windows Vista 0
+ Microsoft Windows Vista 0

NOT VULNERABLE:

Vai alla pagina originale su Security Focus

Discussion

Microsoft Internet Explorer is prone to a memory-corruption vulnerability when accessing objects that are improperly instantiated or deleted.

An attacker may exploit this issue by enticing victims into opening a maliciously crafted webpage.

Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected application, facilitating the remote compromise of affected computers.

Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:vuldb@securityfocus.com.

Solution

Solution:
Microsoft has released an advisory along with fixes to address this issue. Please see the references for more information.

Microsoft Internet Explorer 7.0

Microsoft Cumulative Update for Internet Explorer 7 for Windows Server 2003 (KB933566)
http://www.microsoft.com/downloads/details.aspx?FamilyId=A074D9C0-1FED-4753-845E-073CFCE99F45

Microsoft Cumulative Update for Internet Explorer 7 for Windows Server 2003 64-bit Itanium Edition (KB933566)
http://www.microsoft.com/downloads/details.aspx?FamilyId=77287386-48EB-4AA9-9537-626A3093AAF7&displaylang=en

Microsoft Cumulative Update for Internet Explorer 7 for Windows Server 2003 x64 Edition (KB933566)
http://www.microsoft.com/downloads/details.aspx?FamilyId=69C526B8-8B07-42BC-9BED-E18DEAE21C8E

Microsoft Cumulative Update for Internet Explorer 7 for Windows XP Service Pack 2 (KB933566)
http://www.microsoft.com/downloads/details.aspx?FamilyId=C2191703-8CBD-4959-9F84-E13F21173926

Microsoft Cumulative Update for Internet Explorer 7 in Windows Vista x64 Edition (KB933566)
http://www.microsoft.com/downloads/details.aspx?FamilyId=77287386-48EB-4AA9-9537-626A3093AAF7

Microsoft Cumulative Update for Internet Explorer 7 for Windows XP x64 Edition (KB933566)
http://www.microsoft.com/downloads/details.aspx?FamilyId=69C526B8-8B07-42BC-9BED-E18DEAE21C8E

Microsoft Internet Explorer 5.0.1 SP4

Microsoft Cumulative Update for Internet Explorer 5.01 Service Pack 4 (KB933566)
http://www.microsoft.com/downloads/details.aspx?FamilyId=3B49F1ED-ABE3-4DBD-A91D-973415658F6B

Microsoft Internet Explorer 6.0 SP1

Microsoft Cumulative Update for Internet Explorer 6 SP1 (KB933566)
http://www.microsoft.com/downloads/details.aspx?FamilyId=5C958650-28D2-4DD0-96A8-DBFE79CE3F68

Microsoft Cumulative Update for Internet Explorer for Windows Server 2003 (KB933566)
http://www.microsoft.com/downloads/details.aspx?FamilyId=7ED19127-5C2D-48E4-A8D1-090DC69FD68B

Microsoft Cumulative Update for Internet Explorer for Windows Server 2003 64-bit Itanium Edition (KB933566)
http://www.microsoft.com/downloads/details.aspx?FamilyId=B628A3CC-A70C-478A-A10C-EEE254EE34AB

Microsoft Cumulative Update for Internet Explorer for Windows XP Service Pack 2 (KB933566)
http://www.microsoft.com/downloads/details.aspx?FamilyId=60FB294E-A8E1-405E-A289-2D2723EDF7EE

Microsoft Cumulative Update for Internet Explorer for Windows XP x64 Edition (KB933566)
http://www.microsoft.com/downloads/details.aspx?FamilyId=086D6D6E-4703-4C6C-A7AF-B6DAFEEEDE5D

Microsoft Internet Explorer 6.0

Microsoft Cumulative Update for Internet Explorer for Windows Server 2003 (KB933566)
http://www.microsoft.com/downloads/details.aspx?FamilyId=7ED19127-5C2D-48E4-A8D1-090DC69FD68B

Microsoft Cumulative Update for Internet Explorer for Windows Server 2003 64-bit Itanium Edition (KB933566)
http://www.microsoft.com/downloads/details.aspx?FamilyId=B628A3CC-A70C-478A-A10C-EEE254EE34AB

Microsoft Cumulative Update for Internet Explorer for Windows XP x64 Edition (KB933566)
http://www.microsoft.com/downloads/details.aspx?FamilyId=086D6D6E-4703-4C6C-A7AF-B6DAFEEEDE5D

References

References:

Internet Explorer (Microsoft)
ZDI-07-038: Microsoft Internet Explorer Prototype Dereference Code Execution Vu (ZDI)
[SECURITY ADVISORY ] Centrex IP Client Manager (CICM) response to Microsoft June (Nortel Networks)
Microsoft Security Bulletin MS07-033 (Microsoft)
ZDI-07-038: Microsoft Internet Explorer Prototype Dereference Code Execution Vul (ZDI)

Microsoft Internet Explorer Prototype Variable Uninitialized Memory Corruption Vulnerability

Discussion

Exploit

Solution

References

PhpLog

BNLug Benevento Linux Users Group

Menu Principale

Staff

Partner

Link