Executive Summary

Informations
Name MS07-016 First vendor Publication 2007-02-13
Vendor Microsoft Last vendor Modification 2007-02-13
Severity (Vendor) Critical Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

This critical security update resolves two newly discovered, privately reported and one newly discovered, publicly disclosed vulnerability. Two of these vulnerabilities could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. The third vulnerability could allow remote code execution if a user visits a specially crafted FTP server site using the FTP client in Internet Explorer. In all cases, users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This is a critical security update for Internet Explorer 5.01 Service Pack 4 on Windows 2000 Service Pack 4, Internet Explorer 6 Service Pack 1 when installed on Windows 2000 Service Pack 4, Internet Explorer 6 for Windows XP Service Pack 2, and Internet Explorer 6 on Windows Server 2003 and Windows Server 2003 Service Pack 1. For other versions, this update is rated either important or low. For more information, see the subsection, Affected and Non-Affected Software, in this section. This security update addresses the vulnerabilities by setting the kill bit for COM objects and by modifying the way that Internet Explorer handles FTP server responses. For more information about the vulnerabilities, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information. Recommendation. Microsoft recommends that customers apply the update immediately. Known Issues. Microsoft Knowledge Base Article 928090 documents the currently known issues that customers may experience when they install this security update. The article also documents recommended solutions for these issues.

Original Source

Url : http://www.microsoft.com/technet/security/bulletin/ms07-016-example-of-new (...)

CWE : Common Weakness Enumeration

% Id Name

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:1120
 
Oval ID: oval:org.mitre.oval:def:1120
Title: COM Object Instantiation Memory Corruption Vulnerability
Description: Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from Imjpcksid.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might be related to CVE-2006-4193.
Family: windows Class: vulnerability
Reference(s): CVE-2006-4697
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Product(s): Microsoft Internet Explorer
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:1141
 
Oval ID: oval:org.mitre.oval:def:1141
Title: FTP Server Response Parsing Memory Corruption Vulnerability
Description: The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP server response of a specific length that causes a terminating null byte to be written outside of a buffer, which causes heap corruption.
Family: windows Class: vulnerability
Reference(s): CVE-2007-0217
Version: 3
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Product(s): Microsoft Internet Explorer
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:257
 
Oval ID: oval:org.mitre.oval:def:257
Title: COM Object Instantiation Memory Corruption Vulnerability
Description: Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from (1) Msb1fren.dll, (2) Htmlmm.ocx, and (3) Blnmgrps.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2006-4697.
Family: windows Class: vulnerability
Reference(s): CVE-2007-0219
Version: 7
Platform(s): Microsoft Windows 2000
Microsoft Windows XP
Microsoft Windows Server 2003
Product(s): Microsoft Internet Explorer 7
Microsoft Internet Explorer 6
Microsoft Internet Explorer 5
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Application 3

OpenVAS Exploits

Date Description
2010-07-08 Name : Cumulative Security Update for Internet Explorer (928090)
File : nvt/ms07-016.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
31895 Microsoft IE Blnmgrps.dll COM Object Instantiation Memory Corruption

A remote memory corruption flaw exists in Internet Explorer. The flaw is triggered when Blnmgrps.dll is instantiated as an ActiveX control within Internet Explorer. With a specially crafted web page, an attacker can cause arbitrary code execution resulting in a loss of integrity.
31894 Microsoft IE Htmlmm.ocx COM Object Instantiation Memory Corruption

A remote memory corruption flaw exists in Internet Explorer. The flaw is triggered when Htmlmm.ocx is instantiated as an ActiveX control within Internet Explorer. With a specially crafted web page, an attacker can cause arbitrary code execution resulting in a loss of integrity.
31893 Microsoft IE Msb1fren.dll COM Object Instantiation Memory Corruption

A remote memory corruption flaw exists in Internet Explorer. The flaw is triggered when Msb1fren.dll is instantiated as an ActiveX control within Internet Explorer. With a specially crafted web page, an attacker can cause arbitrary code execution resulting in a loss of integrity.
31892 Microsoft IE FTP Server Response Parsing Memory Corruption

A remote overflow exists in Internet Explorer. The wininet.dll FTP client fails to validate FTP server responses resulting in a heap overflow. With a specially crafted server response, an attacker can cause arbitrary code execution resulting in a loss of integrity.
31891 Microsoft IE Imjpcksid.dll COM Object Instantiation Memory Corruption

A remote memory corruption flaw exists in Internet Explorer. The flaw is triggered when Imjpcksid.dll is instantiated as an ActiveX control within Internet Explorer. With a specially crafted web page, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Snort® IPS/IDS

Date Description
2016-03-14 Microsoft Input Method Editor 2 ActiveX clsid access attempt
RuleID : 36320 - Revision : 2 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Internet Explorer FTP Response Parsing Memory Corruption
RuleID : 17367 - Revision : 6 - Type : BROWSER-IE
2014-01-10 BlnSetUser Proxy 2 ActiveX clsid unicode access
RuleID : 10155 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer BlnSetUser Proxy 2 ActiveX clsid access
RuleID : 10154 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Internet Explorer BlnSetUser Proxy ActiveX function call access
RuleID : 10153 - Revision : 11 - Type : BROWSER-PLUGINS
2014-01-10 BlnSetUser Proxy ActiveX clsid unicode access
RuleID : 10152 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer BlnSetUser Proxy ActiveX clsid access
RuleID : 10151 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Internet Explorer HTML Inline Movie Control ActiveX function call a...
RuleID : 10150 - Revision : 12 - Type : BROWSER-PLUGINS
2014-01-10 HTML Inline Movie Control ActiveX clsid unicode access
RuleID : 10149 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer HTML Inline Movie Control ActiveX clsid access
RuleID : 10148 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Internet Explorer HTML Inline Sound Control ActiveX function call a...
RuleID : 10147 - Revision : 12 - Type : BROWSER-PLUGINS
2014-01-10 HTML Inline Sound Control ActiveX clsid unicode access
RuleID : 10146 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer HTML Inline Sound Control ActiveX clsid access
RuleID : 10145 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Internet Explorer LexRefBilingualTextContext ActiveX function call ...
RuleID : 10144 - Revision : 12 - Type : BROWSER-PLUGINS
2014-01-10 LexRefBilingualTextContext ActiveX clsid unicode access
RuleID : 10143 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Internet Explorer LexRefBilingualTextContext ActiveX clsid access
RuleID : 10142 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Input Method Editor 2 ActiveX clsid unicode access
RuleID : 10141 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Input Method Editor 2 ActiveX clsid access attempt
RuleID : 10140 - Revision : 13 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Input Method Editor ActiveX function call access
RuleID : 10139 - Revision : 10 - Type : BROWSER-PLUGINS
2014-01-10 Microsoft Input Method Editor ActiveX clsid unicode access
RuleID : 10138 - Revision : 6 - Type : WEB-ACTIVEX
2014-01-10 Microsoft Input Method Editor ActiveX clsid access
RuleID : 10137 - Revision : 12 - Type : BROWSER-PLUGINS

Nessus® Vulnerability Scanner

Date Description
2007-02-13 Name : Arbitrary code can be executed on the remote host through the web client.
File : smb_nt_ms07-016.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
Date Informations
2014-02-17 11:45:38
  • Multiple Updates
2014-01-19 21:30:04
  • Multiple Updates
2013-05-11 00:49:15
  • Multiple Updates