Executive Summary
Informations | |||
---|---|---|---|
Name | MS07-016 | First vendor Publication | 2007-02-13 |
Vendor | Microsoft | Last vendor Modification | 2007-02-13 |
Severity (Vendor) | Critical | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 10 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
This critical security update resolves two newly discovered, privately reported and one newly discovered, publicly disclosed vulnerability. Two of these vulnerabilities could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. The third vulnerability could allow remote code execution if a user visits a specially crafted FTP server site using the FTP client in Internet Explorer. In all cases, users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. This is a critical security update for Internet Explorer 5.01 Service Pack 4 on Windows 2000 Service Pack 4, Internet Explorer 6 Service Pack 1 when installed on Windows 2000 Service Pack 4, Internet Explorer 6 for Windows XP Service Pack 2, and Internet Explorer 6 on Windows Server 2003 and Windows Server 2003 Service Pack 1. For other versions, this update is rated either important or low. For more information, see the subsection, Affected and Non-Affected Software, in this section. This security update addresses the vulnerabilities by setting the kill bit for COM objects and by modifying the way that Internet Explorer handles FTP server responses. For more information about the vulnerabilities, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information. Recommendation. Microsoft recommends that customers apply the update immediately. Known Issues. Microsoft Knowledge Base Article 928090 documents the currently known issues that customers may experience when they install this security update. The article also documents recommended solutions for these issues. |
Original Source
Url : http://www.microsoft.com/technet/security/bulletin/ms07-016-example-of-new (...) |
CWE : Common Weakness Enumeration
% | Id | Name |
---|
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:1120 | |||
Oval ID: | oval:org.mitre.oval:def:1120 | ||
Title: | COM Object Instantiation Memory Corruption Vulnerability | ||
Description: | Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from Imjpcksid.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might be related to CVE-2006-4193. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2006-4697 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:1141 | |||
Oval ID: | oval:org.mitre.oval:def:1141 | ||
Title: | FTP Server Response Parsing Memory Corruption Vulnerability | ||
Description: | The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP server response of a specific length that causes a terminating null byte to be written outside of a buffer, which causes heap corruption. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2007-0217 | Version: | 3 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:257 | |||
Oval ID: | oval:org.mitre.oval:def:257 | ||
Title: | COM Object Instantiation Memory Corruption Vulnerability | ||
Description: | Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from (1) Msb1fren.dll, (2) Htmlmm.ocx, and (3) Blnmgrps.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2006-4697. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2007-0219 | Version: | 7 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 | Product(s): | Microsoft Internet Explorer 7 Microsoft Internet Explorer 6 Microsoft Internet Explorer 5 |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 | |
Application | 3 |
OpenVAS Exploits
Date | Description |
---|---|
2010-07-08 | Name : Cumulative Security Update for Internet Explorer (928090) File : nvt/ms07-016.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
31895 | Microsoft IE Blnmgrps.dll COM Object Instantiation Memory Corruption A remote memory corruption flaw exists in Internet Explorer. The flaw is triggered when Blnmgrps.dll is instantiated as an ActiveX control within Internet Explorer. With a specially crafted web page, an attacker can cause arbitrary code execution resulting in a loss of integrity. |
31894 | Microsoft IE Htmlmm.ocx COM Object Instantiation Memory Corruption A remote memory corruption flaw exists in Internet Explorer. The flaw is triggered when Htmlmm.ocx is instantiated as an ActiveX control within Internet Explorer. With a specially crafted web page, an attacker can cause arbitrary code execution resulting in a loss of integrity. |
31893 | Microsoft IE Msb1fren.dll COM Object Instantiation Memory Corruption A remote memory corruption flaw exists in Internet Explorer. The flaw is triggered when Msb1fren.dll is instantiated as an ActiveX control within Internet Explorer. With a specially crafted web page, an attacker can cause arbitrary code execution resulting in a loss of integrity. |
31892 | Microsoft IE FTP Server Response Parsing Memory Corruption A remote overflow exists in Internet Explorer. The wininet.dll FTP client fails to validate FTP server responses resulting in a heap overflow. With a specially crafted server response, an attacker can cause arbitrary code execution resulting in a loss of integrity. |
31891 | Microsoft IE Imjpcksid.dll COM Object Instantiation Memory Corruption A remote memory corruption flaw exists in Internet Explorer. The flaw is triggered when Imjpcksid.dll is instantiated as an ActiveX control within Internet Explorer. With a specially crafted web page, an attacker can cause arbitrary code execution resulting in a loss of integrity. |
Snort® IPS/IDS
Date | Description |
---|---|
2016-03-14 | Microsoft Input Method Editor 2 ActiveX clsid access attempt RuleID : 36320 - Revision : 2 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer FTP Response Parsing Memory Corruption RuleID : 17367 - Revision : 6 - Type : BROWSER-IE |
2014-01-10 | BlnSetUser Proxy 2 ActiveX clsid unicode access RuleID : 10155 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer BlnSetUser Proxy 2 ActiveX clsid access RuleID : 10154 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer BlnSetUser Proxy ActiveX function call access RuleID : 10153 - Revision : 11 - Type : BROWSER-PLUGINS |
2014-01-10 | BlnSetUser Proxy ActiveX clsid unicode access RuleID : 10152 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer BlnSetUser Proxy ActiveX clsid access RuleID : 10151 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer HTML Inline Movie Control ActiveX function call a... RuleID : 10150 - Revision : 12 - Type : BROWSER-PLUGINS |
2014-01-10 | HTML Inline Movie Control ActiveX clsid unicode access RuleID : 10149 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer HTML Inline Movie Control ActiveX clsid access RuleID : 10148 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer HTML Inline Sound Control ActiveX function call a... RuleID : 10147 - Revision : 12 - Type : BROWSER-PLUGINS |
2014-01-10 | HTML Inline Sound Control ActiveX clsid unicode access RuleID : 10146 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer HTML Inline Sound Control ActiveX clsid access RuleID : 10145 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Internet Explorer LexRefBilingualTextContext ActiveX function call ... RuleID : 10144 - Revision : 12 - Type : BROWSER-PLUGINS |
2014-01-10 | LexRefBilingualTextContext ActiveX clsid unicode access RuleID : 10143 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer LexRefBilingualTextContext ActiveX clsid access RuleID : 10142 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Input Method Editor 2 ActiveX clsid unicode access RuleID : 10141 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Input Method Editor 2 ActiveX clsid access attempt RuleID : 10140 - Revision : 13 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Input Method Editor ActiveX function call access RuleID : 10139 - Revision : 10 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft Input Method Editor ActiveX clsid unicode access RuleID : 10138 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Input Method Editor ActiveX clsid access RuleID : 10137 - Revision : 12 - Type : BROWSER-PLUGINS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2007-02-13 | Name : Arbitrary code can be executed on the remote host through the web client. File : smb_nt_ms07-016.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:45:38 |
|
2014-01-19 21:30:04 |
|
2013-05-11 00:49:15 |
|