Executive Summary
| Summary | |
|---|---|
| Title | Cumulative Security Update for Internet Explorer (937143) |
| Informations | |||
|---|---|---|---|
| Name | MS07-045 | First vendor Publication | 2007-08-14 |
| Vendor | Microsoft | Last vendor Modification | 2007-08-14 |
| Severity (Vendor) | Critical | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 9.3 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| This critical security update resolves three privately reported vulnerabilities. These vulnerabilities could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights |
Original Source
| Url : http://www.microsoft.com/technet/security/bulletin/ms07-045.mspx |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-16 | Configuration |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:1673 | |||
| Oval ID: | oval:org.mitre.oval:def:1673 | ||
| Title: | CSS Memory Corruption Vulnerability | ||
| Description: | Unspecified vulnerability in Internet Explorer 5.01 and 6 SP1 allows remote attackers to execute arbitrary code via crafted Cascading Style Sheets (CSS) strings that trigger memory corruption during parsing, related to use of out-of-bounds pointers. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2007-0943 | Version: | 1 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Microsoft Internet Explorer |
| Definition Synopsis: | |||
| Definition Id: oval:org.mitre.oval:def:2109 | |||
| Oval ID: | oval:org.mitre.oval:def:2109 | ||
| Title: | ActiveX Object Vulnerability | ||
| Description: | The tblinf32.dll (aka vstlbinf.dll) ActiveX control for Internet Explorer 5.01, 6 SP1, and 7 uses an incorrect IObjectsafety implementation, which allows remote attackers to execute arbitrary code by requesting the HelpString property, involving a crafted DLL file argument to the TypeLibInfoFromFile function, which overwrites the HelpStringDll property to call the DLLGetDocumentation function in another DLL file, aka "ActiveX Object Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2007-2216 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Microsoft Internet Explorer |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:2232 | |||
| Oval ID: | oval:org.mitre.oval:def:2232 | ||
| Title: | ActiveX Object Memory Corruption Vulnerability | ||
| Description: | Unspecified vulnerability in the pdwizard.ocx ActiveX object for Internet Explorer 5.01, 6 SP1, and 7 allows remote attackers to execute arbitrary code via unknown vectors related to Microsoft Visual Basic 6 objects and memory corruption, aka "ActiveX Object Memory Corruption Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2007-3041 | Version: | 5 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Microsoft Internet Explorer |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 | |
| Application | 3 | |
| Application | 1 | |
| Application | 1 | |
| Hardware | 1 | |
| Hardware | 1 |
SAINT Exploits
| Description | Link |
|---|---|
| Internet Explorer tblinf32.dll ActiveX IObjectsafety vulnerability | More info here |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2010-07-08 | Name : Cumulative Security Update for Internet Explorer (937143) File : nvt/ms07-045.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 39555 | IBM Lenovo Access Support acpRunner ActiveX acpcontroller.dll / acpir.dll Dig... |
| 39554 | IBM Lenovo Access Support acpRunner ActiveX acpcontroller.dll / acpir.dll Arb... |
| 39553 | IBM Lenovo Access Support acpRunner ActiveX acpcontroller.dll / acpir.dll For... |
| 37710 | Motive Service Activation Manager ActiveEmailTest.EmailData ActiveX (ActiveUt... |
| 36397 | Microsoft IE Crafted CSS Unspecified Memory Corruption Microsoft IE contains a flaw that may allow a malicious user to gain the same user rights as the logged in user. The issue is triggered when IE parses certain strings in CSS. It is possible for a malacious person to construct a specially crafted website which could remotely execute code on the visitor's computer. |
| 36396 | Microsoft IE ActiveX tblinf32.dll Unspecified Arbitrary Code Execution Internet Explorer contains a flaw that may permit a remote attacker to execute arbitrary code via unknown attack vectors. The issue is the result of an incorrect IObjectsafety implementation and MS VB6 objects. It is possible that the flaw may result in a loss of integrity. |
| 36395 | Microsoft IE ActiveX (pdwizard.ocx) Unspecified Memory Corruption Internet Explorer contains a flaw that may allow a malicious user to remotely execute arbitrary code. The issue is due to an unspecified vulnerability in the pdwizard.ocx Active X object and is related to MS VB6 objects and memory corruption. It is possible that the flaw may result in a loss of integrity. |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Microsoft Internet Explorer CSS strings parsing memory corruption attempt RuleID : 17645 - Revision : 9 - Type : BROWSER-IE |
| 2014-01-10 | Internet Explorer malformed CSS memory corruption attempt RuleID : 13518 - Revision : 4 - Type : WEB-CLIENT |
| 2014-01-10 | Microsoft Package and Deployment Wizard ActiveX function call unicode access RuleID : 13324 - Revision : 7 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Package and Deployment Wizard ActiveX function call access RuleID : 13323 - Revision : 11 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Package and Deployment Wizard ActiveX clsid unicode access RuleID : 13322 - Revision : 7 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Package and Deployment Wizard ActiveX clsid access RuleID : 13321 - Revision : 17 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Internet Explorer CSS memory corruption exploit RuleID : 12277 - Revision : 19 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Visual Basic 6 TypeLibInfo ActiveX function call unicode access RuleID : 12276 - Revision : 6 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Visual Basic 6 TypeLibInfo ActiveX function call access RuleID : 12275 - Revision : 9 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Visual Basic 6 TypeLibInfo ActiveX clsid unicode access RuleID : 12274 - Revision : 6 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Visual Basic 6 TypeLibInfo ActiveX clsid access RuleID : 12273 - Revision : 10 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Visual Basic 6 TLIApplication ActiveX function call unicode access RuleID : 12272 - Revision : 8 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Visual Basic 6 TLIApplication ActiveX function call access RuleID : 12271 - Revision : 8 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Visual Basic 6 TLIApplication ActiveX function call RuleID : 12270 - Revision : 16 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Visual Basic 6 TLIApplication ActiveX clsid access RuleID : 12269 - Revision : 19 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Visual Basic 6 SearchHelper ActiveX function call unicode access RuleID : 12268 - Revision : 7 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Visual Basic 6 SearchHelper ActiveX function call access RuleID : 12267 - Revision : 10 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Visual Basic 6 SearchHelper ActiveX clsid unicode access RuleID : 12266 - Revision : 7 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Visual Basic 6 SearchHelper ActiveX clsid access RuleID : 12265 - Revision : 11 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Visual Basic 6 PDWizard.File ActiveX function call unicode access RuleID : 12264 - Revision : 6 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Visual Basic 6 PDWizard.File ActiveX function call access RuleID : 12263 - Revision : 9 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Visual Basic 6 PDWizard.File ActiveX clsid unicode access RuleID : 12262 - Revision : 6 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Visual Basic 6 PDWizard.File ActiveX clsid access RuleID : 12261 - Revision : 10 - Type : BROWSER-PLUGINS |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2007-08-14 | Name : Arbitrary code can be executed on the remote host through the web client. File : smb_nt_ms07-045.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2018-10-13 00:25:19 |
|
| 2014-02-17 11:45:44 |
|
| 2014-01-19 21:30:06 |
|
| 2013-05-11 00:49:17 |
|
