SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com






Category:   Application (Web Browser)  >   Microsoft Internet Explorer (IE) Vendors:   Microsoft
Microsoft Internet Explorer Buffer Overflow in Fox Pro ActiveX Control Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1019378
SecurityTracker URL:  http://securitytracker.com/id/1019378
CVE Reference:   CVE-2007-4790   (Links to External Site)
Date:  Feb 12 2008
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 5.01, 6, 6 SP1, 7
Description:   A vulnerability was reported in Microsoft Internet Explorer in a Microsoft Fox Pro component. A remote user can cause arbitrary code to be executed on the target user's system.

A remote user can create specially crafted HTML that, when loaded by the target user, will invoke a Fox Pro ActiveX control and trigger a memory corruption error to execute arbitrary code on the target system. The code will run with the privileges of the target user.

The CLSIDs of the affected controls are: 22852ee3-b01b-11cf-b826-00a0c9055d9e, ef28418f-ffb2-11d0-861a-00a0c903a97f

A demonstration exploit is available at:

http://www.milw0rm.com/exploits/4369

shinnai reported this vulnerability.

Impact:   A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.
Solution:   The vendor has issued the following cumulative fixes:

Microsoft Internet Explorer 5.01 Service Pack 4:

http://www.microsoft.com/downloads/details.aspx?FamilyId=1032A039-468B-4C5F-8C1C-5E54C2832E41

Microsoft Internet Explorer 6 Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?FamilyId=87E66DCE-5060-4814-8754-829B4E190359

Microsoft Internet Explorer 6:

http://www.microsoft.com/downloads/details.aspx?FamilyId=BB2AA3CB-021F-4890-AB20-2A51F8E17554

Microsoft Internet Explorer 6:

http://www.microsoft.com/downloads/details.aspx?FamilyId=8989F576-8B30-4866-90EC-929D24F3B409

Microsoft Internet Explorer 6:

http://www.microsoft.com/downloads/details.aspx?FamilyId=429B7ED1-FE78-459A-B834-D0F3C69CB703

Microsoft Internet Explorer 6:

http://www.microsoft.com/downloads/details.aspx?FamilyId=E989E23C-38BB-4FE7-A830-D7BDF7659392

Microsoft Internet Explorer 6:

http://www.microsoft.com/downloads/details.aspx?FamilyId=5A097F7A-B696-48D0-B13F-337C5FD14E24

Windows Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?FamilyId=D4AA293A-6332-4C6C-B128-876F516BD030

Windows Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?FamilyId=B72AF1B6-6E23-4005-AEF6-82195B380153

Windows Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?FamilyId=B2AA6562-881E-4FD6-BE1B-53426A0FF4A9

Windows Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?FamilyId=4BB99AFC-BE14-4F2E-9570-B7FE09E39131

Windows Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?FamilyId=6FA80E2C-5E91-4B33-ACD9-33F156660AE7

Windows Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?FamilyId=0DE25B98-F443-4874-A06F-4DAAE14C16B0

Windows Internet Explorer 7:

http://www.microsoft.com/downloads/details.aspx?FamilyId=C08EBBE7-639B-4EA2-8304-FAB531930ABF

A restart is required.

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms08-010.mspx

Vendor URL:  www.microsoft.com/technet/security/bulletin/ms08-010.mspx (Links to External Site)
Cause:   Boundary error
Underlying OS:   Windows (Any)

Message History:   None.


 Source Message Contents

Date:  Tue, 12 Feb 2008 14:06:25 -0500
Subject:  Microsoft Security Bulletin MS08-010 - Critical: Cumulative Security Update for Internet Explorer (944533)


http://www.microsoft.com/technet/security/bulletin/ms08-010.mspx

CVE-2007-4790
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

Copyright 2014, SecurityGlobal.net LLC