Executive Summary
Summary | |
---|---|
Title | Cumulative Security Update for Internet Explorer (942615) |
Informations | |||
---|---|---|---|
Name | MS07-069 | First vendor Publication | 2007-12-11 |
Vendor | Microsoft | Last vendor Modification | 2007-12-11 |
Severity (Vendor) | Critical | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
This critical security update resolves four privately reported vulnerabilities. The most serious security impact could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights. |
Original Source
Url : http://www.microsoft.com/technet/security/bulletin/ms07-069.mspx |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
50 % | CWE-399 | Resource Management Errors |
17 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
17 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
17 % | CWE-94 | Failure to Control Generation of Code ('Code Injection') |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:4332 | |||
Oval ID: | oval:org.mitre.oval:def:4332 | ||
Title: | Uninitialized Memory Corruption Vulnerability | ||
Description: | Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via "unexpected method calls to HTML objects," aka "DHTML Object Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2007-5347 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:4480 | |||
Oval ID: | oval:org.mitre.oval:def:4480 | ||
Title: | Uninitialized Memory Corruption Vulnerability | ||
Description: | Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via a crafted website using Javascript that creates, modifies, deletes, and accesses document objects using the tags property, which triggers heap corruption, related to uninitialized or deleted objects, a different issue than CVE-2007-3902 and CVE-2007-3903, and a variant of "Uninitialized Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2007-5344 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:4553 | |||
Oval ID: | oval:org.mitre.oval:def:4553 | ||
Title: | Uninitialized Memory Corruption Vulnerability | ||
Description: | Microsoft Internet Explorer 6 and 7 allows remote attackers to execute arbitrary code via uninitialized or deleted objects used in repeated calls to the (1) cloneNode or (2) nodeValue JavaScript function, a different issue than CVE-2007-3902 and CVE-2007-5344, a variant of "Uninitialized Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2007-3903 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
Definition Id: oval:org.mitre.oval:def:4582 | |||
Oval ID: | oval:org.mitre.oval:def:4582 | ||
Title: | Uninitialized Memory Corruption Vulnerability | ||
Description: | Use-after-free vulnerability in the CRecalcProperty function in mshtml.dll in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code by calling the setExpression method and then modifying the outerHTML property of an HTML element, one variant of "Uninitialized Memory Corruption Vulnerability." | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2007-3902 | Version: | 5 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista | Product(s): | Microsoft Internet Explorer |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2007-12-31 | Vantage Linguistics AnswerWorks 4 API ActiveX Control BoF Exploit |
OpenVAS Exploits
Date | Description |
---|---|
2011-01-14 | Name : Microsoft Internet Explorer mshtml.dll Remote Memory Corruption Vulnerability... File : nvt/gb_ms07-069.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
44652 | Microsoft HeartbeatCtl HRTBEAT.OCX ActiveX Unspecified Method Host Argument O... |
39121 | Microsoft IE DHTML Object Memory Corruption An unspecified memory corruption flaw exists in Internet Explorer. With a specially crafted web page, a context-dependent attacker can cause arbitrary code execution resulting in a loss of integrity. |
39120 | Microsoft IE Element Tag Uninitialized Memory Corruption A heap overflow exists in Internet Explorer. The handling of document objects may cause the document model in memory to become unstable resulting in a heap overflow. With a specially crafted web page, a remote attacker can cause arbitrary code execution resulting in a loss of integrity. |
39119 | Microsoft IE Object cloneNode / nodeValue Function Uninitialized Memory Corru... A memory corruption flaw exists in Internet Explorer. The 'cloneNode' and 'nodeValue' functions are used improperly resulting in memory corruption. With a specially crafted call, an attacker can cause arbitary code execution resulting in a loss of integrity. |
39118 | Microsoft IE Object setExpression Function Memory Corruption Internet Explorer contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when theCRecalcProperty function in mshtml.dll references memory that has already been freed. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity. |
Snort® IPS/IDS
Date | Description |
---|---|
2017-08-01 | Microsoft Internet Explorer clone object memory corruption attempt RuleID : 43398 - Revision : 1 - Type : BROWSER-IE |
2014-01-10 | MSN Heartbeat ActiveX clsid access RuleID : 4167 - Revision : 16 - Type : BROWSER-PLUGINS |
2016-07-08 | Microsoft Internet Explorer DOM object cache management memory corruption att... RuleID : 39156 - Revision : 1 - Type : BROWSER-IE |
2016-07-08 | Microsoft Internet Explorer DOM object cache management memory corruption att... RuleID : 39155 - Revision : 1 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer object reference memory corruption attempt RuleID : 17622 - Revision : 11 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer DOM object cache management memory corruption att... RuleID : 17554 - Revision : 9 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer clone object memory corruption attempt RuleID : 17303 - Revision : 12 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer DOM object cache management memory corruption att... RuleID : 16067 - Revision : 11 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer location.replace memory corruption attempt RuleID : 16065 - Revision : 11 - Type : BROWSER-IE |
2014-01-10 | Microsoft HeartbeatCtl ActiveX function call unicode access RuleID : 13761 - Revision : 5 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft HeartbeatCtl ActiveX function call access RuleID : 13760 - Revision : 9 - Type : BROWSER-PLUGINS |
2014-01-10 | Microsoft HeartbeatCtl ActiveX clsid unicode access RuleID : 13759 - Revision : 5 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft HeartbeatCtl ActiveX clsid access RuleID : 13758 - Revision : 10 - Type : BROWSER-PLUGINS |
2014-01-10 | Intuit QuickBooks Online Import 5 ActiveX clsid unicode access RuleID : 12970 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Intuit QuickBooks Online Import 5 ActiveX clsid access RuleID : 12969 - Revision : 11 - Type : BROWSER-PLUGINS |
2014-01-10 | Intuit QuickBooks Online Import 4 ActiveX clsid unicode access RuleID : 12968 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Intuit QuickBooks Online Import 4 ActiveX clsid access RuleID : 12967 - Revision : 11 - Type : BROWSER-PLUGINS |
2014-01-10 | Intuit QuickBooks Online Import 3 ActiveX clsid unicode access RuleID : 12966 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Intuit QuickBooks Online Import 3 ActiveX clsid access RuleID : 12965 - Revision : 11 - Type : BROWSER-PLUGINS |
2014-01-10 | Intuit QuickBooks Online Import 2 ActiveX clsid unicode access RuleID : 12964 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Intuit QuickBooks Online Import 2 ActiveX clsid access RuleID : 12963 - Revision : 11 - Type : BROWSER-PLUGINS |
2014-01-10 | Intuit QuickBooks Online Import 1 ActiveX clsid unicode access RuleID : 12962 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Intuit QuickBooks Online Import 1 ActiveX clsid access RuleID : 12961 - Revision : 11 - Type : BROWSER-PLUGINS |
2014-01-10 | MSN Heartbeat 3 ActiveX clsid unicode access RuleID : 12960 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer MSN Heartbeat 3 ActiveX clsid access RuleID : 12959 - Revision : 12 - Type : BROWSER-PLUGINS |
2014-01-10 | MSN Heartbeat 2 ActiveX clsid unicode access RuleID : 12958 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer MSN Heartbeat 2 ActiveX clsid access RuleID : 12957 - Revision : 12 - Type : BROWSER-PLUGINS |
2014-01-10 | MSN Heartbeat ActiveX clsid unicode access RuleID : 12956 - Revision : 7 - Type : WEB-ACTIVEX |
2014-01-10 | DXLTPI.DLL ActiveX clsid unicode access RuleID : 12955 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Microsoft Internet Explorer DXLTPI.DLL ActiveX clsid access RuleID : 12954 - Revision : 12 - Type : BROWSER-PLUGINS |
2014-01-10 | Vantage Linguistics 3 ActiveX clsid unicode access RuleID : 12953 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Vantage Linguistics 3 ActiveX clsid access RuleID : 12952 - Revision : 11 - Type : BROWSER-PLUGINS |
2014-01-10 | Vantage Linguistics 2 ActiveX clsid unicode access RuleID : 12951 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Vantage Linguistics 2 ActiveX clsid access RuleID : 12950 - Revision : 11 - Type : BROWSER-PLUGINS |
2014-01-10 | Vantage Linguistics 1 ActiveX clsid unicode access RuleID : 12949 - Revision : 6 - Type : WEB-ACTIVEX |
2014-01-10 | Vantage Linguistics 1 ActiveX clsid access RuleID : 12948 - Revision : 11 - Type : BROWSER-PLUGINS |
2014-01-10 | Intuit QuickBooks Online Edition 10 ActiveX clsid unicode access RuleID : 12412 - Revision : 7 - Type : WEB-ACTIVEX |
2014-01-10 | Intuit QuickBooks Online Edition 10 ActiveX clsid access RuleID : 12411 - Revision : 12 - Type : BROWSER-PLUGINS |
2014-01-10 | Intuit QuickBooks Online Edition 9 ActiveX clsid unicode access RuleID : 12410 - Revision : 7 - Type : WEB-ACTIVEX |
2014-01-10 | Intuit QuickBooks Online Edition 9 ActiveX clsid access RuleID : 12409 - Revision : 12 - Type : BROWSER-PLUGINS |
2014-01-10 | Intuit QuickBooks Online Edition 8 ActiveX clsid unicode access RuleID : 12408 - Revision : 7 - Type : WEB-ACTIVEX |
2014-01-10 | Intuit QuickBooks Online Edition 8 ActiveX clsid access RuleID : 12407 - Revision : 12 - Type : BROWSER-PLUGINS |
2014-01-10 | Intuit QuickBooks Online Edition 7 ActiveX clsid unicode access RuleID : 12406 - Revision : 7 - Type : WEB-ACTIVEX |
2014-01-10 | Intuit QuickBooks Online Edition 7 ActiveX clsid access RuleID : 12405 - Revision : 12 - Type : BROWSER-PLUGINS |
2014-01-10 | Intuit QuickBooks Online Edition 6 ActiveX clsid unicode access RuleID : 12404 - Revision : 7 - Type : WEB-ACTIVEX |
2014-01-10 | Intuit QuickBooks Online Edition 6 ActiveX clsid access RuleID : 12403 - Revision : 12 - Type : BROWSER-PLUGINS |
2014-01-10 | Intuit QuickBooks Online Edition 5 ActiveX clsid unicode access RuleID : 12402 - Revision : 7 - Type : WEB-ACTIVEX |
2014-01-10 | Intuit QuickBooks Online Edition 5 ActiveX clsid access RuleID : 12401 - Revision : 12 - Type : BROWSER-PLUGINS |
2014-01-10 | Intuit QuickBooks Online Edition 4 ActiveX clsid unicode access RuleID : 12400 - Revision : 7 - Type : WEB-ACTIVEX |
2014-01-10 | Intuit QuickBooks Online Edition 4 ActiveX clsid access RuleID : 12399 - Revision : 12 - Type : BROWSER-PLUGINS |
2014-01-10 | Intuit QuickBooks Online Edition 3 ActiveX clsid unicode access RuleID : 12398 - Revision : 7 - Type : WEB-ACTIVEX |
2014-01-10 | Intuit QuickBooks Online Edition 3 ActiveX clsid access RuleID : 12397 - Revision : 12 - Type : BROWSER-PLUGINS |
2014-01-10 | Intuit QuickBooks Online Edition 2 ActiveX clsid unicode access RuleID : 12396 - Revision : 7 - Type : WEB-ACTIVEX |
2014-01-10 | Intuit QuickBooks Online Edition 2 ActiveX clsid access RuleID : 12395 - Revision : 12 - Type : BROWSER-PLUGINS |
2014-01-10 | Intuit QuickBooks Online Edition 1 ActiveX clsid unicode access RuleID : 12394 - Revision : 7 - Type : WEB-ACTIVEX |
2014-01-10 | Intuit QuickBooks Online Edition 1 ActiveX clsid access RuleID : 12393 - Revision : 12 - Type : BROWSER-PLUGINS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2007-12-11 | Name : Arbitrary code can be executed on the remote host through the web client. File : smb_nt_ms07-069.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2018-10-13 00:25:19 |
|
2014-02-17 11:45:50 |
|
2014-01-19 21:30:09 |
|
2013-05-11 12:22:05 |
|