Microsoft Internet Explorer CSS Tag Memory Corruption Vulnerability

TITLE: Microsoft Internet Explorer CSS Tag Memory Corruption Vulnerability
CLASS: Unknown
CVE: CVE-2007-1750

REMOTE: Yes
LOCAL: No
PUBLISHED: Jun 12 2007 12:00AM
UPDATE: Jun 18 2007 07:59PM
CREDIT: The vendor disclosed this issue.
VULNERABLE:

Nortel Networks Centrex IP Client Manager 8.0
Nortel Networks Centrex IP Client Manager 7.0
Nortel Networks Centrex IP Client Manager 9.0
Nortel Networks Centrex IP Client Manager
Microsoft Internet Explorer 6.0 SP1
Microsoft Internet Explorer 6.0
-Citrix ICA Client for Windows 4.0 SP6a
-Microsoft Windows 2000 Advanced Server SP2
-Microsoft Windows 2000 Advanced Server SP2
-Microsoft Windows 2000 Advanced Server SP1
-Microsoft Windows 2000 Advanced Server SP1
-Microsoft Windows 2000 Advanced Server
-Microsoft Windows 2000 Advanced Server
-Microsoft Windows 2000 Datacenter Server SP2
-Microsoft Windows 2000 Datacenter Server SP2
-Microsoft Windows 2000 Datacenter Server SP1
-Microsoft Windows 2000 Datacenter Server SP1
-Microsoft Windows 2000 Datacenter Server
-Microsoft Windows 2000 Datacenter Server
-Microsoft Windows 2000 Professional SP2
-Microsoft Windows 2000 Professional SP2
-Microsoft Windows 2000 Professional SP1
-Microsoft Windows 2000 Professional SP1
-Microsoft Windows 2000 Professional
-Microsoft Windows 2000 Professional
-Microsoft Windows 2000 Server SP2
-Microsoft Windows 2000 Server SP2
-Microsoft Windows 2000 Server SP1
-Microsoft Windows 2000 Server SP1
-Microsoft Windows 2000 Server
-Microsoft Windows 2000 Server
-Microsoft Windows 2000 Terminal Services SP2
-Microsoft Windows 2000 Terminal Services SP2
-Microsoft Windows 2000 Terminal Services SP1
-Microsoft Windows 2000 Terminal Services SP1
-Microsoft Windows 2000 Terminal Services
-Microsoft Windows 2000 Terminal Services
-Microsoft Windows 98
-Microsoft Windows 98
-Microsoft Windows 98SE
-Microsoft Windows 98SE
-Microsoft Windows ME
-Microsoft Windows ME
-Microsoft Windows NT 4.0 SP6a
-Microsoft Windows NT Enterprise Server 4.0 SP6a
-Microsoft Windows NT Enterprise Server 4.0 SP6a
-Microsoft Windows NT Server 4.0 SP6a
-Microsoft Windows NT Server 4.0 SP6a
-Microsoft Windows NT Workstation 4.0 SP6a
-Microsoft Windows NT Workstation 4.0 SP6a
+ Microsoft Windows Server 2003 Datacenter Edition
+ Microsoft Windows Server 2003 Datacenter Edition
+ Microsoft Windows Server 2003 Datacenter Edition Itanium 0
+ Microsoft Windows Server 2003 Enterprise Edition
+ Microsoft Windows Server 2003 Enterprise Edition
+ Microsoft Windows Server 2003 Enterprise Edition Itanium 0
+ Microsoft Windows Server 2003 Enterprise Edition Itanium 0
+ Microsoft Windows Server 2003 Standard Edition
+ Microsoft Windows Server 2003 Standard Edition
+ Microsoft Windows Server 2003 Web Edition
+ Microsoft Windows Server 2003 Web Edition
+ Microsoft Windows XP Home
+ Microsoft Windows XP Home
+ Microsoft Windows XP Professional
+ Microsoft Windows XP Professional

NOT VULNERABLE:

Vai alla pagina originale su Security Focus

Discussion

Microsoft Internet Explorer is prone to a remote code-execution vulnerability because the application fails to properly handle certain CSS data.

A remote attacker can exploit this issue to execute arbitrary code in the context of the user running the vulnerable application.

Exploit

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:vuldb@securityfocus.com.

Solution

Solution:
Microsoft has released security bulletin MS07-033 with fixes to address this issue. Please see the referenced bulletin for information on obtaining fixes.


Microsoft Internet Explorer 6.0 SP1

• Microsoft Cumulative Update for Internet Explorer 6 SP1 (KB933566)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=5C958650-28D2-4DD0-96A8-DBFE79CE3F68


• Microsoft Cumulative Update for Internet Explorer for Windows Server 2003 (KB933566)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=7ED19127-5C2D-48E4-A8D1-090DC69FD68B


• Microsoft Cumulative Update for Internet Explorer for Windows Server 2003 64-bit Itanium Edition (KB933566)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=B628A3CC-A70C-478A-A10C-EEE254EE34AB


• Microsoft Cumulative Update for Internet Explorer for Windows XP Service Pack 2 (KB933566)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=60FB294E-A8E1-405E-A289-2D2723EDF7EE


• Microsoft Cumulative Update for Internet Explorer for Windows XP x64 Edition (KB933566)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=086D6D6E-4703-4C6C-A7AF-B6DAFEEEDE5D

Microsoft Internet Explorer 6.0

• Microsoft Cumulative Update for Internet Explorer for Windows Server 2003 (KB933566)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=7ED19127-5C2D-48E4-A8D1-090DC69FD68B


• Microsoft Cumulative Update for Internet Explorer for Windows Server 2003 64-bit Itanium Edition (KB933566)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=B628A3CC-A70C-478A-A10C-EEE254EE34AB


• Microsoft Cumulative Update for Internet Explorer for Windows XP x64 Edition (KB933566)
  http://www.microsoft.com/downloads/details.aspx?FamilyId=086D6D6E-4703-4C6C-A7AF-B6DAFEEEDE5D

References

References:

• Internet Explorer (Microsoft)
  
• [SECURITY ADVISORY ] Centrex IP Client Manager (CICM) response to Microsoft June (Nortel Networks)
  
• Microsoft Security Bulletin MS07-033 (Microsoft)
  

PhpLog