Risk | Critical |
Patch available | YES |
Number of vulnerabilities | 4 |
CVE-ID | CVE-2007-5347 CVE-2007-5344 CVE-2007-3903 CVE-2007-3902 |
CWE-ID | CWE-119 |
Exploitation vector | Network |
Public exploit | Vulnerability #1 is being exploited in the wild. |
Vulnerable software | Microsoft Internet Explorer (Client/Desktop applications / Web browsers) |
Vendor | Microsoft |
Security Bulletin
This security bulletin contains information about 4 vulnerabilities.
This security bulletin describes 4 critical vulnerabilities in Microsoft Internet Explorer, including 1 zero-day vulnerability.
EUVDB-ID: #VU1351
Risk: Critical
CVSSv3.1: 8.9 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:F/RL:O/RC:C]
CVE-ID: CVE-2007-5347
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an error when handling certain DHTML object methods. A remote attacker can create a specially crafted HTML page, trick the victim into visiting it and execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability results in compromise of the vulnerable system.
Note: this vulnerability is being actively exploited.
Mitigation
Install the update from the vendor's website:
Microsoft Windows 2000 Service Pack 4
Microsoft Internet Explorer 6 Service Pack 1
https://www.microsoft.com/downloads/details.aspx?FamilyId=BC8EDF05-262A-4D1D-B196-4FC1A844970C
Internet Explorer 6
Windows XP Service Pack 2
https://www.microsoft.com/downloads/details.aspx?FamilyId=6E4EBAFC-34C3-4DC7-B712-152C611D3F0A
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
https://www.microsoft.com/downloads/details.aspx?FamilyId=F5A5AF23-30FB-4E47-94BD-3B05B55C92F2
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
https://www.microsoft.com/downloads/details.aspx?FamilyId=BF466060-A585-4C2E-A48D-70E080C3BBE7
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
https://www.microsoft.com/downloads/details.aspx?FamilyId=074697F2-18C8-4521-BBF7-1D0E7395D27D
Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
https://www.microsoft.com/downloads/details.aspx?FamilyId=B3F390A6-0361-4553-B627-5E7AD6BF5055
Internet Explorer 7
Windows XP Service Pack 2
https://www.microsoft.com/downloads/details.aspx?FamilyId=B15A6506-02DD-43C2-AEF4-E10C1C76EE97
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
https://www.microsoft.com/downloads/details.aspx?FamilyId=C092A6BB-8E62-4D90-BDB1-5F3A15968F75
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
https://www.microsoft.com/downloads/details.aspx?FamilyId=34759C10-16A5-42A2-974D-9D532FB5A0A7
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
https://www.microsoft.com/downloads/details.aspx?FamilyId=7DCCCE5A-7562-448B-A345-CF1CC758E35C
Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
https://www.microsoft.com/downloads/details.aspx?FamilyId=8414F3FB-216A-4D46-B590-4C1F304DFF91
Windows Vista
https://www.microsoft.com/downloads/details.aspx?FamilyId=26D303DA-BB2E-4555-96F1-BECB0E277341
Windows Vista x64 Edition
https://www.microsoft.com/downloads/details.aspx?FamilyId=C5E88E0B-A4C2-4690-91D9-326800030A16
Microsoft Internet Explorer: 6 - 7
External links
http://technet.microsoft.com/en-us/library/security/ms07-069.aspx
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
EUVDB-ID: #VU1349
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2007-5344
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists in the way Internet Explorer accesses an object that has not been correctly initialized or that has been deleted. A remote attacker can create a specially crafted HTML page, trick the victim into visiting it and execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability results in compromise of the vulnerable system.
Mitigation
Install the update from the vendor's website:
Microsoft Windows 2000 Service Pack 4
Microsoft Internet Explorer 6 Service Pack 1
https://www.microsoft.com/downloads/details.aspx?FamilyId=BC8EDF05-262A-4D1D-B196-4FC1A844970C
Internet Explorer 6
Windows XP Service Pack 2
https://www.microsoft.com/downloads/details.aspx?FamilyId=6E4EBAFC-34C3-4DC7-B712-152C611D3F0A
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
https://www.microsoft.com/downloads/details.aspx?FamilyId=F5A5AF23-30FB-4E47-94BD-3B05B55C92F2
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
https://www.microsoft.com/downloads/details.aspx?FamilyId=BF466060-A585-4C2E-A48D-70E080C3BBE7
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
https://www.microsoft.com/downloads/details.aspx?FamilyId=074697F2-18C8-4521-BBF7-1D0E7395D27D
Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
https://www.microsoft.com/downloads/details.aspx?FamilyId=B3F390A6-0361-4553-B627-5E7AD6BF5055
Internet Explorer 7
Windows XP Service Pack 2
https://www.microsoft.com/downloads/details.aspx?FamilyId=B15A6506-02DD-43C2-AEF4-E10C1C76EE97
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
https://www.microsoft.com/downloads/details.aspx?FamilyId=C092A6BB-8E62-4D90-BDB1-5F3A15968F75
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
https://www.microsoft.com/downloads/details.aspx?FamilyId=34759C10-16A5-42A2-974D-9D532FB5A0A7
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
https://www.microsoft.com/downloads/details.aspx?FamilyId=7DCCCE5A-7562-448B-A345-CF1CC758E35C
Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
https://www.microsoft.com/downloads/details.aspx?FamilyId=8414F3FB-216A-4D46-B590-4C1F304DFF91
Windows Vista
https://www.microsoft.com/downloads/details.aspx?FamilyId=26D303DA-BB2E-4555-96F1-BECB0E277341
Windows Vista x64 Edition
https://www.microsoft.com/downloads/details.aspx?FamilyId=C5E88E0B-A4C2-4690-91D9-326800030A16
Microsoft Internet Explorer: 6 - 7
External links
http://technet.microsoft.com/en-us/library/security/ms07-069.aspx
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU1348
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2007-3903
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists in the way Internet Explorer accesses an object that has not been correctly initialized or that has been deleted. A remote attacker can create a specially crafted HTML page, trick the victim into visiting it and execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability results in compromise of the vulnerable system.
Mitigation
Install the update from the vendor's website:
Microsoft Windows 2000 Service Pack 4
Microsoft Internet Explorer 6 Service Pack 1
https://www.microsoft.com/downloads/details.aspx?FamilyId=BC8EDF05-262A-4D1D-B196-4FC1A844970C
Internet Explorer 6
Windows XP Service Pack 2
https://www.microsoft.com/downloads/details.aspx?FamilyId=6E4EBAFC-34C3-4DC7-B712-152C611D3F0A
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
https://www.microsoft.com/downloads/details.aspx?FamilyId=F5A5AF23-30FB-4E47-94BD-3B05B55C92F2
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
https://www.microsoft.com/downloads/details.aspx?FamilyId=BF466060-A585-4C2E-A48D-70E080C3BBE7
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
https://www.microsoft.com/downloads/details.aspx?FamilyId=074697F2-18C8-4521-BBF7-1D0E7395D27D
Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
https://www.microsoft.com/downloads/details.aspx?FamilyId=B3F390A6-0361-4553-B627-5E7AD6BF5055
Internet Explorer 7
Windows XP Service Pack 2
https://www.microsoft.com/downloads/details.aspx?FamilyId=B15A6506-02DD-43C2-AEF4-E10C1C76EE97
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
https://www.microsoft.com/downloads/details.aspx?FamilyId=C092A6BB-8E62-4D90-BDB1-5F3A15968F75
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
https://www.microsoft.com/downloads/details.aspx?FamilyId=34759C10-16A5-42A2-974D-9D532FB5A0A7
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
https://www.microsoft.com/downloads/details.aspx?FamilyId=7DCCCE5A-7562-448B-A345-CF1CC758E35C
Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
https://www.microsoft.com/downloads/details.aspx?FamilyId=8414F3FB-216A-4D46-B590-4C1F304DFF91
Windows Vista
https://www.microsoft.com/downloads/details.aspx?FamilyId=26D303DA-BB2E-4555-96F1-BECB0E277341
Windows Vista x64 Edition
https://www.microsoft.com/downloads/details.aspx?FamilyId=C5E88E0B-A4C2-4690-91D9-326800030A16
Microsoft Internet Explorer: 6 - 7
External links
http://technet.microsoft.com/en-us/library/security/ms07-069.aspx
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU1346
Risk: High
CVSSv3.1: 8.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2007-3902
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists in the way Internet Explorer accesses an object that has not been correctly initialized or that has been deleted. A remote attacker can create a specially crafted HTML page, trick the victim into visiting it and execute arbitrary code with the privileges of the current user.
Successful exploitation of the vulnerability results in compromise of the vulnerable system.
Mitigation
Install the update from the vendor's website:
Microsoft Windows 2000 Service Pack 4
Microsoft Internet Explorer 5.01 Service Pack 4
https://www.microsoft.com/downloads/details.aspx?FamilyId=B3BD16EA-5D69-4AE3-84B3-AB773052CEEB
Microsoft Internet Explorer 6 Service Pack 1
https://www.microsoft.com/downloads/details.aspx?FamilyId=BC8EDF05-262A-4D1D-B196-4FC1A844970C
Internet Explorer 6
Windows XP Service Pack 2
https://www.microsoft.com/downloads/details.aspx?FamilyId=6E4EBAFC-34C3-4DC7-B712-152C611D3F0A
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
https://www.microsoft.com/downloads/details.aspx?FamilyId=F5A5AF23-30FB-4E47-94BD-3B05B55C92F2
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
https://www.microsoft.com/downloads/details.aspx?FamilyId=BF466060-A585-4C2E-A48D-70E080C3BBE7
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
https://www.microsoft.com/downloads/details.aspx?FamilyId=074697F2-18C8-4521-BBF7-1D0E7395D27D
Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
https://www.microsoft.com/downloads/details.aspx?FamilyId=B3F390A6-0361-4553-B627-5E7AD6BF5055
Internet Explorer 7
Windows XP Service Pack 2
https://www.microsoft.com/downloads/details.aspx?FamilyId=B15A6506-02DD-43C2-AEF4-E10C1C76EE97
Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2
https://www.microsoft.com/downloads/details.aspx?FamilyId=C092A6BB-8E62-4D90-BDB1-5F3A15968F75
Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2
https://www.microsoft.com/downloads/details.aspx?FamilyId=34759C10-16A5-42A2-974D-9D532FB5A0A7
Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2
https://www.microsoft.com/downloads/details.aspx?FamilyId=7DCCCE5A-7562-448B-A345-CF1CC758E35C
Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems
https://www.microsoft.com/downloads/details.aspx?FamilyId=8414F3FB-216A-4D46-B590-4C1F304DFF91
Windows Vista
https://www.microsoft.com/downloads/details.aspx?FamilyId=26D303DA-BB2E-4555-96F1-BECB0E277341
Windows Vista x64 Edition
https://www.microsoft.com/downloads/details.aspx?FamilyId=C5E88E0B-A4C2-4690-91D9-326800030A16
Microsoft Internet Explorer: 5.01 - 7
External links
http://technet.microsoft.com/en-us/library/security/ms07-069.aspx
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How can the attacker exploit this vulnerability?
The attacker would have to trick the victim into visiting a specially crafted website.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.