Executive Summary
| Summary | |
|---|---|
| Title | Cumulative Security Update for Internet Explorer (931768) |
| Informations | |||
|---|---|---|---|
| Name | MS07-027 | First vendor Publication | 2007-05-08 |
| Vendor | Microsoft | Last vendor Modification | 2007-05-08 |
| Severity (Vendor) | Critical | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 9.3 | Attack Range | Network |
| Cvss Impact Score | 10 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| This update resolves several newly discovered, privately reported and public vulnerabilities. Each vulnerability is documented in its own subsection in the Vulnerability Details section of this bulletin. If a user is logged on with administrative user rights, an attacker who successfully exploited the most severe of these vulnerabilities could take complete control of an affected system. An attacker could then install programs; view, change, or delete data; or create new accounts with the same user rights as the logged-on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. We recommend that customers apply the update immediately. |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 100 % | CWE-399 | Resource Management Errors |
OVAL Definitions
| Definition Id: oval:org.mitre.oval:def:1441 | |||
| Oval ID: | oval:org.mitre.oval:def:1441 | ||
| Title: | HTML Objects Memory Corruption Vulnerabilities | ||
| Description: | Unspecified vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, which results in memory corruption, aka the first of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0947. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2007-0946 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Microsoft Internet Explorer |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:1463 | |||
| Oval ID: | oval:org.mitre.oval:def:1463 | ||
| Title: | Property Memory Corruption Vulnerability | ||
| Description: | Microsoft Internet Explorer 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and 7 on Windows Vista allows remote attackers to execute arbitrary code via certain property methods that may trigger memory corruption, aka "Property Memory Corruption Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2007-0945 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Microsoft Internet Explorer |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:1722 | |||
| Oval ID: | oval:org.mitre.oval:def:1722 | ||
| Title: | Uninitialized Memory Corruption Vulnerability | ||
| Description: | Unspecified vulnerability in the CTableCol::OnPropertyChange method in Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; and 6 on Windows XP SP2, or Windows Server 2003 SP1 or SP2 allows remote attackers to execute arbitrary code by calling deleteCell on a named table row in a named table column, then accessing the column, which causes Internet Explorer to access previously deleted objects, aka the "Uninitialized Memory Corruption Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2007-0944 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Microsoft Internet Explorer |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:1885 | |||
| Oval ID: | oval:org.mitre.oval:def:1885 | ||
| Title: | Arbitrary File Rewrite Vulnerability | ||
| Description: | Unspecified vulnerability in the mdsauth.dll COM object in Microsoft Windows Media Server in the Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; or 7 on Windows Vista allows remote attackers to overwrite arbitrary files via unspecified vectors, aka the "Arbitrary File Rewrite Vulnerability." | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2007-2221 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Microsoft Internet Explorer |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:1939 | |||
| Oval ID: | oval:org.mitre.oval:def:1939 | ||
| Title: | COM Object Instantiation Memory Corruption Vulnerability | ||
| Description: | Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; and possibly 7 on Windows Vista does not properly "instantiate certain COM objects as ActiveX controls," which allows remote attackers to execute arbitrary code via a crafted COM object from chtskdic.dll. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2007-0942 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Microsoft Internet Explorer |
| Definition Synopsis: | |||
| |||
| Definition Id: oval:org.mitre.oval:def:2048 | |||
| Oval ID: | oval:org.mitre.oval:def:2048 | ||
| Title: | HTML Objects Memory Corruption Vulnerabilities | ||
| Description: | Use-after-free vulnerability in Microsoft Internet Explorer 7 on Windows XP SP2, Windows Server 2003 SP1 or SP2, or Windows Vista allows remote attackers to execute arbitrary code via crafted HTML objects, resulting in accessing deallocated memory of CMarkup objects, aka the second of two "HTML Objects Memory Corruption Vulnerabilities" and a different issue than CVE-2007-0946. | ||
| Family: | windows | Class: | vulnerability |
| Reference(s): | CVE-2007-0947 | Version: | 3 |
| Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Microsoft Internet Explorer |
| Definition Synopsis: | |||
| |||
CPE : Common Platform Enumeration
ExploitDB Exploits
| id | Description |
|---|---|
| 2007-05-10 | MS Internet Explorer <= 7 - Remote Arbitrary File Rewrite PoC (MS07-027) |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2010-07-08 | Name : Cumulative Security Update for Internet Explorer (931768) File : nvt/ms07-027.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 35873 | RIM TeamOn Import Object ActiveX (TOImport.dll) SetLanguage FunctionBuffer Re... |
| 34404 | Microsoft IE Media Service Component Arbitrary File Rewrite Internet Explorer contains a flaw that may allow a context-dependent attacker to rewrite arbitrary files on a target system. The issue is triggered by an unspecified flaw in mdsauth.dll. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity. |
| 34403 | Microsoft IE HTML CMarkup Objects Unspecified Memory Corruption A memory corruption flaw exists in Internet Explorer. It fails to properly handle HTML objects resulting in CMarkup objects being used after they have been freed. With a specially crafted web page, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity. |
| 34402 | Microsoft IE HTML Objects Unspecified Memory Corruption Internet Explorer contains a flaw related to the handling of HTML objects that may allow a context-dependent attacker to execute arbitrary code. No further details have been provided. |
| 34401 | Microsoft IE Property Method Handling Memory Corruption A memory corruption flaw exists in Internet Explorer. The property method fails to properly handle web page input resulting in memory corruption. With a specially crafted web page, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity. |
| 34400 | Microsoft IE Uninitialized Object Memory Corruption A memory corruption flaw exists in Internet Explorer. The CTableCol::OnPropertyChange() function may access deleted objects following a call to the deleteCell() JavaScript method resulting in memory corruption. With a specially crafted web page, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity. |
| 34399 | Microsoft IE COM Object Instantiation Memory Corruption (931768) A remote memory corruption flaw exists in Windows. Internet Explorer fails to properly instantiate some COM objects resulting in memory corruption. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity. |
| 30513 | Acer LunchApp.APlunch ActiveX Run() Method Arbitrary File Execution |
Snort® IPS/IDS
| Date | Description |
|---|---|
| 2014-01-10 | Acer LunchApp.APlunch ActiveX clsid unicode access RuleID : 9428 - Revision : 7 - Type : WEB-ACTIVEX |
| 2014-01-10 | Acer LunchApp.APlunch ActiveX clsid access RuleID : 9427 - Revision : 12 - Type : BROWSER-PLUGINS |
| 2017-07-27 | Microsoft Internet Explorer CSS property method handling memory corruption at... RuleID : 43358 - Revision : 1 - Type : BROWSER-IE |
| 2016-04-05 | Microsoft Internet Explorer dynamic page reloading memory corruption attempt RuleID : 37889 - Revision : 1 - Type : BROWSER-IE |
| 2016-04-05 | Microsoft Internet Explorer dynamic page reloading memory corruption attempt RuleID : 37888 - Revision : 1 - Type : BROWSER-IE |
| 2016-03-14 | Microsoft Internet Explorer Media Service Component mdsauth.dll ActiveX clsid... RuleID : 37510 - Revision : 3 - Type : BROWSER-PLUGINS |
| 2016-03-14 | Microsoft Internet Explorer Media Service Component mdsauth.dll ActiveX clsid... RuleID : 37509 - Revision : 3 - Type : BROWSER-PLUGINS |
| 2016-03-14 | Microsoft Internet Explorer Media Service Component mdsauth.dll ActiveX clsid... RuleID : 37508 - Revision : 3 - Type : BROWSER-PLUGINS |
| 2016-03-14 | Microsoft Internet Explorer Media Service Component mdsauth.dll ActiveX clsid... RuleID : 37507 - Revision : 3 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Internet Explorer CSS property method handling memory corruption at... RuleID : 16011 - Revision : 10 - Type : BROWSER-IE |
| 2014-01-10 | Multiple Products excessive HTTP 304 Not Modified responses exploit attempt RuleID : 16008 - Revision : 18 - Type : OS-WINDOWS |
| 2014-01-10 | Microsoft Internet Explorer colgroup tag uninitialized memory exploit attempt RuleID : 16007 - Revision : 11 - Type : BROWSER-IE |
| 2014-01-10 | Microsoft Input Method Editor 3 ActiveX function call unicode access RuleID : 11325 - Revision : 6 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Input Method Editor 3 ActiveX function call access RuleID : 11324 - Revision : 13 - Type : BROWSER-PLUGINS |
| 2014-01-10 | DB Software Laboratory DeWizardX ActiveX function call unicode access RuleID : 11304 - Revision : 7 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Internet Explorer DB Software Laboratory DeWizardX ActiveX function... RuleID : 11303 - Revision : 12 - Type : BROWSER-PLUGINS |
| 2014-01-10 | DB Software Laboratory DeWizardX ActiveX clsid unicode access RuleID : 11302 - Revision : 7 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Internet Explorer DB Software Laboratory DeWizardX ActiveX clsid ac... RuleID : 11301 - Revision : 13 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Internet Explorer colgroup tag uninitialized memory exploit attempt RuleID : 11257 - Revision : 11 - Type : BROWSER-IE |
| 2014-01-10 | Research In Motion TeamOn Import ActiveX clsid unicode access RuleID : 11248 - Revision : 8 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Internet Explorer Research In Motion TeamOn Import ActiveX clsid ac... RuleID : 11247 - Revision : 14 - Type : BROWSER-PLUGINS |
| 2014-01-10 | Microsoft Input Method Editor 3 ActiveX clsid unicode access RuleID : 11229 - Revision : 7 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Input Method Editor 3 ActiveX clsid access RuleID : 11228 - Revision : 15 - Type : BROWSER-PLUGINS |
| 2014-01-10 | MSAuth ActiveX function call unicode access RuleID : 11227 - Revision : 6 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Internet Explorer MSAuth ActiveX function call access RuleID : 11226 - Revision : 11 - Type : BROWSER-PLUGINS |
| 2014-01-10 | MSAuth ActiveX clsid unicode access RuleID : 11225 - Revision : 6 - Type : WEB-ACTIVEX |
| 2014-01-10 | Microsoft Internet Explorer MSAuth ActiveX clsid access RuleID : 11224 - Revision : 12 - Type : BROWSER-PLUGINS |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2009-08-21 | Name : The remote Windows host has an ActiveX control that allows arbitrary code exe... File : acer_acerctrls_aplunch_cmd_exec.nasl - Type : ACT_GATHER_INFO |
| 2007-05-08 | Name : Arbitrary code can be executed on the remote host through the web client. File : smb_nt_ms07-027.nasl - Type : ACT_GATHER_INFO |
| 2007-01-12 | Name : The remote Windows host has an ActiveX control that allows arbitrary code exe... File : acer_lunchapp_activex_code_exec.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:45:40 |
|
| 2014-01-19 21:30:04 |
|
| 2013-05-11 00:49:16 |
|
