Executive Summary
This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
| Summary | |
|---|---|
| Title | Cumulative Security Update for Internet Explorer (933566) |
| Informations | |||
|---|---|---|---|
| Name | MS07-033 | First vendor Publication | 2007-06-12 |
| Vendor | Microsoft | Last vendor Modification | 2007-06-12 |
| Severity (Vendor) | Critical | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 9.3 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| This critical security update resolves five newly privately reported vulnerabilities and one publicly disclosed vulnerability. All but one of these vulnerabilities could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. One vulnerability could allow spoofing, and also involves a specially crafted Web page. In all remote code execution cases, users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. For the spoofing case, exploitation requires user interaction. |
Original Source
| Url : http://www.microsoft.com/technet/security/bulletin/ms07-033.mspx?pubDate=2 (...) |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 33 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
| 33 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
| 33 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:1084 | |||
| Oval ID: | oval:org.mitre.oval:def:1084 | ||
| Title: | COM Object Instantiation Memory Corruption Vulnerability | ||
| Description: | Microsoft Internet Explorer 5.01 and 6 allows remote attackers to execute arbitrary code by instantiating certain COM objects from Urlmon.dll, which triggers memory corruption during a call to the IObjectSafety function. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2007-0218 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Microsoft Internet Explorer |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:1396 | |||
| Oval ID: | oval:org.mitre.oval:def:1396 | ||
| Title: | CSS Tag Memory Corruption Vulnerability | ||
| Description: | Unspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via a crafted Cascading Style Sheets (CSS) tag that triggers memory corruption. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2007-1750 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Microsoft Internet Explorer |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:1715 | |||
| Oval ID: | oval:org.mitre.oval:def:1715 | ||
| Title: | Navigation Cancel Page Spoofing Vulnerability | ||
| Description: | Microsoft Internet Explorer 7.0 on Windows XP and Vista allows remote attackers to conduct phishing attacks and possibly execute arbitrary code via a res: URI to navcancl.htm with an arbitrary URL as an argument, which displays the URL in the location bar of the "Navigation Canceled" page and injects the script into the "Refresh the page" link, aka Navigation Cancel Page Spoofing Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2007-1499 | Version: | 3 |
| Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Microsoft Internet Explorer |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:1902 | |||
| Oval ID: | oval:org.mitre.oval:def:1902 | ||
| Title: | Language Pack Installation Vulnerability | ||
| Description: | Race condition in Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to install multiple language packs in a way that triggers memory corruption, aka "Language Pack Installation Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2007-3027 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Microsoft Internet Explorer |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:1978 | |||
| Oval ID: | oval:org.mitre.oval:def:1978 | ||
| Title: | Uninitialized Memory Corruption Vulnerability | ||
| Description: | Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to access an uninitialized or deleted object, related to prototype variables and table cells, aka "Uninitialized Memory Corruption Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2007-1751 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Microsoft Internet Explorer |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:2031 | |||
| Oval ID: | oval:org.mitre.oval:def:2031 | ||
| Title: | Speech Control Memory Corruption Vulnerability | ||
| Description: | Multiple buffer overflows in the (1) ActiveListen (Xlisten.dll) and (2) ActiveVoice (Xvoice.dll) speech controls, as used by Microsoft Internet Explorer 5.01, 6, and 7, allow remote attackers to execute arbitrary code via a crafted ActiveX object that triggers memory corruption, as demonstrated via the ModeName parameter to the FindEngine function in ACTIVEVOICEPROJECTLib.DirectSS. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2007-2222 | Version: | 7 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Microsoft Internet Explorer |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 | |
| Application | 4 |
SAINT Exploits
| Description | Link |
|---|---|
| Microsoft Speech API memory corruption | More info here |
ExploitDB Exploits
| id | Description |
|---|---|
| 2007-06-13 | Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2) |
| 2007-06-13 | Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4) |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2010-07-08 | Name : Microsoft Windows Vector Markup Language Vulnerabilities (929969) File : nvt/ms07-004.nasl |
| 2010-07-08 | Name : Cumulative Security Update for Internet Explorer (933566) File : nvt/ms07-033.nasl |
| 2010-07-08 | Name : Cumulative Security Update for Internet Explorer (939653) File : nvt/ms07-057.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 35353 | Microsoft IE Speech API 4 Xlisten.dll / Xvoice.dll Memory Corruption |
| 35352 | Microsoft IE navcancl.htm res: URI Phishing |
| 35351 | Microsoft IE Unspecified Memory Corruption Arbitrary Code Execution |
| 35350 | Microsoft IE Multiple Language Pack Installation Race Condition Code Execution |
| 35349 | Microsoft IE Crafted CSS Tag Handling Memory Corruption |
| 35348 | Microsoft IE Urlmon.dll COM Object Instantiation Memory Corruption |
| 34077 | Microsoft IE navcancl.htm res: URI XSS |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | mk Asychronous Pluggable Protocol Handler ActiveX clsid unicode access RuleID : 7959 - Revision : 8 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Internet Explorer mk Asychronous Pluggable Protocol Handler ActiveX... RuleID : 7958 - Revision : 15 - Type : BROWSER-PLUGINS |
| 2014-01-10 | https Asychronous Pluggable Protocol Handler ActiveX clsid unicode access RuleID : 7945 - Revision : 8 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Internet Explorer https Asychronous Pluggable Protocol Handler Acti... RuleID : 7944 - Revision : 15 - Type : BROWSER-PLUGINS |
| 2014-01-10 | http Asychronous Pluggable Protocol Handler ActiveX clsid unicode access RuleID : 7943 - Revision : 8 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Internet Explorer http Asychronous Pluggable Protocol Handler Activ... RuleID : 7942 - Revision : 15 - Type : BROWSER-PLUGINS |
| 2014-01-10 | gopher Asychronous Pluggable Protocol Handler ActiveX clsid unicode access RuleID : 7939 - Revision : 8 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Internet Explorer gopher Asychronous Pluggable Protocol Handler Act... RuleID : 7938 - Revision : 15 - Type : BROWSER-PLUGINS |
| 2014-01-10 | ftp Asychronous Pluggable Protocol Handler ActiveX clsid unicode access RuleID : 7935 - Revision : 8 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Internet Explorer ftp Asychronous Pluggable Protocol Handler Active... RuleID : 7934 - Revision : 15 - Type : BROWSER-PLUGINS |
| 2014-01-10 | file or local Asychronous Pluggable Protocol Handler ActiveX clsid unicode ac... RuleID : 7929 - Revision : 8 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Internet Explorer file or local Asychronous Pluggable Protocol Hand... RuleID : 7928 - Revision : 15 - Type : BROWSER-PLUGINS |
| 2014-01-10 | CDL Asychronous Pluggable Protocol Handler ActiveX clsid unicode access RuleID : 7905 - Revision : 8 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Internet Explorer CDL Asychronous Pluggable Protocol Handler Active... RuleID : 7904 - Revision : 18 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Internet Explorer navcancl.htm url spoofing attempt RuleID : 12014 - Revision : 13 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer CSS tag memory corruption attempt RuleID : 11966 - Revision : 11 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Internet Explorer navcancl.htm url spoofing attempt RuleID : 11834 - Revision : 21 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Direct Speech Recognition ActiveX function call unicode access RuleID : 11833 - Revision : 8 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Direct Speech Recognition ActiveX function call access RuleID : 11832 - Revision : 11 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Direct Speech Recognition ActiveX clsid unicode access RuleID : 11831 - Revision : 8 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Direct Speech Recognition ActiveX clsid access attempt RuleID : 11830 - Revision : 17 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Voice Control ActiveX function call unicode access RuleID : 11829 - Revision : 8 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Voice Control ActiveX function call access RuleID : 11828 - Revision : 11 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Voice Control ActiveX clsid unicode access RuleID : 11827 - Revision : 8 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Voice Control Recognition ActiveX clsid access attempt RuleID : 11826 - Revision : 17 - Type : BROWSER-PLUGINS |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2007-06-12 | Name : Arbitrary code can be executed on the remote host through the web client. File : smb_nt_ms07-033.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:45:42 |
|
| 2014-01-19 21:30:05 |
|
