 |
|
|
|
| Microsoft Internet Explorer multiple security vulnerabilities | | Published: |  | 14.02.2007 | | Source: |  | MICROSOFT | | SecurityVulns ID: |  | 7233 | | Type: |  | client | | Level: |  | 7/10 | | Description: |  | Memory corruptions on COM objects instantiation and FTP server response parsing can be used for hidden malware installation. |
| Affected: |  | MICROSOFT : Windows 2000 Server | | | | MICROSOFT : Windows 2000 Professional | | | | MICROSOFT : Windows XP | | | | MICROSOFT : Windows 2003 Server | | | | MICROSOFT : Windows Vista | | CVE: |  | CVE-2007-0219 (Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from (1) Msb1fren.dll, (2) Htmlmm.ocx, and (3) Blnmgrps.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors, a different issue than CVE-2006-4697.) | | | | CVE-2007-0217 (The wininet.dll FTP client code in Microsoft Internet Explorer 5.01 and 6 might allow remote attackers to execute arbitrary code via an FTP server response of a specific length that causes a terminating null byte to be written outside of a buffer, which causes heap corruption.) | | | | CVE-2006-4697 (Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from Imjpcksid.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might be related to CVE-2006-4193.) |
|
|
|
|
|
|
|
|
