Microsoft Internet Explorer CSS Strings Memory Corruption Vulnerability
BID:25288
Info
Microsoft Internet Explorer CSS Strings Memory Corruption Vulnerability
| Bugtraq ID: | 25288 |
| Class: | Unknown |
| CVE: |
CVE-2007-0943 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 14 2007 12:00AM |
| Updated: | Aug 30 2007 02:42AM |
| Credit: | Hu Qianwei of NSFocus Security Team is credited with discovering this issue. |
| Vulnerable: |
Microsoft Internet Explorer 5.0.1 SP4 HP Storage Management Appliance III HP Storage Management Appliance II HP Storage Management Appliance I HP Storage Management Appliance 2.1 HP Storage Management Appliance 2.1 Avaya Messaging Application Server MM 3.1 Avaya Messaging Application Server MM 3.0 Avaya Messaging Application Server MM 2.0 Avaya Messaging Application Server 0 Avaya Customer Interaction Express (CIE) Server 1.0 Avaya CIE 1.0.2 Avaya CIE 1.0 |
| Not Vulnerable: | |
Discussion
Microsoft Internet Explorer CSS Strings Memory Corruption Vulnerability
Microsoft Internet Explorer is prone to a remote code-execution vulnerability because the application fails to properly handle certain CSS data.
An attacker may exploit this issue by enticing victims into opening a maliciously crafted HTML document.
Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the vulnerable application.
This issue affects Internet Explorer 5.01 SP4 running on Microsoft Windows 2000 SP4.
Microsoft Internet Explorer is prone to a remote code-execution vulnerability because the application fails to properly handle certain CSS data.
An attacker may exploit this issue by enticing victims into opening a maliciously crafted HTML document.
Successful exploits may allow an attacker to execute arbitrary code in the context of the user running the vulnerable application.
This issue affects Internet Explorer 5.01 SP4 running on Microsoft Windows 2000 SP4.
Exploit / POC
Microsoft Internet Explorer CSS Strings Memory Corruption Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution / Fix
Microsoft Internet Explorer CSS Strings Memory Corruption Vulnerability
Solution:
Microsoft released security bulletin MS07-045 and fixes to address this issue. Please see the referenced bulletin for details on obtaining and applying fixes.
Solution:
Microsoft released security bulletin MS07-045 and fixes to address this issue. Please see the referenced bulletin for details on obtaining and applying fixes.
References
Microsoft Internet Explorer CSS Strings Memory Corruption Vulnerability
References:
References:
- Microsoft Internet Explorer Homepage (Microsoft)
- NSFOCUS SA2007-01 : Microsoft IE5 CSS Parsing Memory Corruption Vulnerability (NSFOCUS Security Team
- ASA-2007-364: MS07-045 Cumulative Security Update for Internet Explorer (937143) (Avaya)
- Microsoft Security Bulletin MS07-045 (Microsoft)