Unspecified vulnerability in Internet Explorer 5.01 and 6 SP1 allows remote attackers to execute arbitrary code via crafted Cascading Style Sheets (CSS) strings that trigger memory corruption during parsing, related to use of out-of-bounds pointers.
{"checkpoint_advisories": [{"lastseen": "2021-12-17T12:35:01", "description": "Microsoft Internet Explorer (IE) is the most widely used web browser application. The browser is capable of processing HTML, images, scripting languages, and various other popular Internet specifications. The application is also capable of using Cascading Style Sheets (CSS). A remote code execution vulnerability exists in Microsoft Internet Explorer. The flaw is caused by an improper handling of malformed Cascading Style Sheet (CSS) content. A remote attacker can exploit this vulnerability by enticing the target user to open a crafted web page, potentially causing arbitrary code to be injected and executed in the security context of the current user. In case of an attack where code injection and execution is successful, the behavior of the target is entirely dependent on the intended function of the injected code. The code in such a case would execute within the security context of the current user. In case of an attack where code injection is not successful, Internet Explorer may terminate abnormally.", "cvss3": {}, "published": "2010-02-25T00:00:00", "type": "checkpoint_advisories", "title": "Internet Explorer CSS Strings Parsing Memory Corruption (MS07-045; CVE-2007-0943)", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2007-0943"], "modified": "2014-05-12T00:00:00", "id": "CPAI-2007-307", "href": "", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "prion": [{"lastseen": "2023-11-22T05:27:30", "description": "Unspecified vulnerability in Internet Explorer 5.01 and 6 SP1 allows remote attackers to execute arbitrary code via crafted Cascading Style Sheets (CSS) strings that trigger memory corruption during parsing, related to use of out-of-bounds pointers.", "cvss3": {}, "published": "2007-08-14T21:17:00", "type": "prion", "title": "Out-of-bounds", "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2007-0943"], "modified": "2021-07-23T12:18:00", "id": "PRION:CVE-2007-0943", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2007-0943", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}], "seebug": [{"lastseen": "2017-11-19T22:08:48", "description": "BUGTRAQ ID: 25288\r\nCVE(CAN) ID: CVE-2007-0943\r\n\r\nInternet Explorer\u662f\u5fae\u8f6f\u53d1\u5e03\u7684\u975e\u5e38\u6d41\u884c\u7684WEB\u6d4f\u89c8\u5668\u3002\r\n\r\nIE 5.0\u5728\u89e3\u6790\u6837\u5f0f\u8868(CSS)\u6587\u4ef6\u65f6\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u80fd\u5229\u7528\u6b64\u6f0f\u6d1e\u63a7\u5236\u7528\u6237\u7cfb\u7edf\u3002\r\n\r\n\u7531\u4e8e\u6ca1\u6709\u5bf9\u6570\u636e\u6307\u9488\u8fdb\u884c\u5fc5\u8981\u7684\u68c0\u67e5\uff0c\u5f53\u5904\u7406\u7279\u6b8a\u683c\u5f0f\u7684CSS\u6587\u4ef6\u65f6\uff0c\u4f1a\u9020\u6210\u6307\u9488\u8d8a\u754c\uff0c\u5e76\u6539\u5199\u5185\u5b58\u6570\u636e\u3002\u901a\u8fc7\u7cbe\u5fc3\u6784\u9020\u6570\u636e\uff0c\u653b\u51fb\u7740\u53ef\u80fd\u8fdc\u7a0b\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u521b\u5efa\u6076\u610fWEB\u9875\u9762\u8bf1\u4f7f\u7528\u6237\u8bbf\u95ee\uff0c\u4ece\u800c\u4ee5\u8be5\u7528\u6237\u8eab\u4efd\u6267\u884c\u4efb\u610f\u4efb\u610f\u547d\u4ee4\u3002\u5982\u679c\u8be5\u7528\u6237\u662f\u7ba1\u7406\u5458\uff0c\u5219\u653b\u51fb\u8005\u53ef\u4ee5\u5b8c\u5168\u63a7\u5236\u7528\u6237\u6240\u5728\u7cfb\u7edf\u3002\u5373\u4f7f\u5c06IE\u7684\u5b89\u5168\u7ea7\u522b\u8bbe\u7f6e\u4e3a\u9ad8\uff0c\u7528\u6237\u4ecd\u7136\u4f1a\u53d7\u6b64\u6f0f\u6d1e\u5f71\u54cd\u3002\r\n\n\nMicrosoft Internet Explorer 5.01\n Microsoft\u5df2\u7ecf\u4e3a\u6b64\u53d1\u5e03\u4e86\u4e00\u4e2a\u5b89\u5168\u516c\u544a\uff08MS07-045\uff09\u4ee5\u53ca\u76f8\u5e94\u8865\u4e01:\r\nMS07-045\uff1aCumulative Security Update for Internet Explorer (937143)\r\n\u94fe\u63a5\uff1a<a href=\"http://www.microsoft.com/technet/security/Bulletin/MS07-045.mspx?pf=true\" target=\"_blank\">http://www.microsoft.com/technet/security/Bulletin/MS07-045.mspx?pf=true</a>", "cvss3": {}, "published": "2007-08-17T00:00:00", "type": "seebug", "title": "Microsoft IE CSS\u5b57\u7b26\u4e32\u5185\u5b58\u7834\u574f\u6f0f\u6d1e\uff08MS07-045\uff09", "bulletinFamily": "exploit", "cvss2": {}, "cvelist": ["CVE-2007-0943"], "modified": "2007-08-17T00:00:00", "id": "SSV:2120", "href": "https://www.seebug.org/vuldb/ssvid-2120", "sourceData": "", "sourceHref": "", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:23", "description": "NSFOCUS Security Advisory (SA2007-01)\r\n\r\nMicrosoft IE5 CSS Parsing Memory Corruption Vulnerability\r\n\r\nRelease Date: 2007-08-15\r\n\r\nCVE ID: CVE-2007-0943\r\n\r\nhttp://www.nsfocus.com/english/homepage/research/0701.htm\r\n\r\nAffected systems & software\r\n===================\r\n\r\nInternet Explorer 5.01\r\n\r\n\r\nUnaffected systems & software\r\n===================\r\n\r\n\r\nSummary\r\n=========\r\n\r\nNSFocus Security Team discovered a memory corruption vulnerability in IE 5 \r\nthat allows arbitrary code execution when parsing a malicious CSS file.\r\n\r\nDescription\r\n============\r\n\r\nThere exists a vulnerability when IE 5.0 parses CSS due to insufficient check \r\non the pointer. Out-of-bound pointer reference and memory overwriting might \r\noccur in the handling of malformed CSS files, which allows attackers to run \r\narbitrary code via carefully crafted data. \r\n\r\nAttackers can run arbitrary code by crafting a malicious WEB page and alluring \r\nusers to visit it. If the victim is an administrator, then attackers can gain \r\ncomplete control over the system. \r\n\r\nThe system will be vulnerable even if the security level of IE is set to "High". \r\n\r\nWorkaround\r\n=============\r\n\r\nDo not visit untrusted websites. \r\n \r\nVendor Status\r\n==============\r\n\r\n2006.08.31 Informed the vendor\r\n2006.09.01 Vendor confirmed the vulnerability\r\n2007.08.14 Microsoft released MS07-045 to fix the vulnerability.\r\n \r\nFor more details about Microsoft Security Bulletin, please refer to:\r\nhttp://www.microsoft.com/technet/security/bulletin/MS07-045.mspx\r\n\r\nAdditional Information\r\n========================\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned the\r\nname CVE-2007-0943 to this issue. This is a candidate for inclusion in the \r\nCVE list (http://cve.mitre.org), which standardizes names for security problems.\r\nCandidates may change significantly before they become official CVE entries.\r\n\r\nAcknowledgment\r\n===============\r\n\r\nHu Qianwei of NSFocus Security Team found the vulnerability.\r\n\r\nDISCLAIMS\r\n==========\r\nTHE INFORMATION PROVIDED IS RELEASED BY NSFOCUS "AS IS" WITHOUT WARRANTY\r\nOF ANY KIND. NSFOCUS DISCLAIMS ALL WARRANTIES, EITHER EXPRESSED OR IMPLIED,\r\nEXCEPT FOR THE WARRANTIES OF MERCHANTABILITY. IN NO EVENT SHALL NSFOCUS\r\nBE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT,\r\nINCIDENTAL,CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES,\r\nEVEN IF NSFOCUS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.\r\nDISTRIBUTION OR REPRODUCTION OF THE INFORMATION IS PROVIDED THAT THE\r\nADVISORY IS NOT MODIFIED IN ANY WAY.\r\n\r\nCopyright 1999-2007 NSFOCUS. All Rights Reserved. Terms of use.\r\n\r\n\r\nNSFocus Security Team <security@nsfocus.com>\r\nNSFOCUS INFORMATION TECHNOLOGY CO.,LTD\r\n(http://www.nsfocus.com)", "cvss3": {}, "published": "2007-08-16T00:00:00", "type": "securityvulns", "title": "NSFOCUS SA2007-01 : Microsoft IE5 CSS Parsing Memory Corruption Vulnerability", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2007-0943"], "modified": "2007-08-16T00:00:00", "id": "SECURITYVULNS:DOC:17809", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:17809", "sourceData": "", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2018-08-31T11:09:26", "description": "Memory corruption on ActiveX parsing, unsafe Visual Basic ActiveX execution, Visual Basic ActiveX memory corruption.", "cvss3": {}, "published": "2007-08-17T00:00:00", "type": "securityvulns", "title": "Microsoft Internet Explorer multiple security vulnerabilities", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2007-0943", "CVE-2007-2216", "CVE-2007-3041"], "modified": "2007-08-17T00:00:00", "id": "SECURITYVULNS:VULN:8042", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:8042", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:23", "description": "Microsoft Security Bulletin MS07-045 - Critical\r\nCumulative Security Update for Internet Explorer (937143)\r\nPublished: August 14, 2007\r\n\r\nVersion: 1.0\r\nGeneral Information\r\nExecutive Summary\r\n\r\nThis critical security update resolves three privately reported vulnerabilities. These vulnerabilities could allow remote code execution if a user viewed a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\r\n\r\nThe security update is rated critical for supported releases of Internet Explorer 5.01 and Internet Explorer 6 Service Pack 1. For Internet Explorer 6 for supported versions and editions of Windows XP Home and Windows XP Professional, the security update is also rated critical, otherwise it is rated moderate for other supported operating systems. For Internet Explorer 7 for supported versions and editions of Windows XP and Windows XP Professional, and Internet Explorer 7 in Windows Vista, the security update is rated Important, otherwise it is rated low. For more information, see the subsection, Affected and Non-Affected Software, in this section.\r\n\r\nThe security update addresses two vulnerabilities by setting the kill bit for ActiveX controls, and addresses the third vulnerability by modifying the way that Internet Explorer handles certain strings in CSS files. For more information about the vulnerabilities, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry under the next section, Vulnerability Information.\r\n\r\nRecommendation. Microsoft recommends that customers apply the update immediately.\r\n\r\nKnown Issues. Microsoft Knowledge Base Article 937143 documents the currently known issues that customers may experience when they install this security update. The article also documents recommended solutions for these issues.\r\nTop of sectionTop of section\r\nAffected and Non-Affected Software\r\n\r\nThe software listed here has been tested to determine which versions or editions are affected. Other versions or editions are either past their support life cycle or are not affected. To determine the support life cycle for your software version or edition, visit Microsoft Support Lifecycle.\r\n\r\nAffected Software\r\nOperating System\tComponent\tMaximum Security Impact\tAggregate Severity Rating\tBulletins Replaced by This Update\r\nInternet Explorer 5.01 and Internet Explorer 6 Service Pack 1\t \t \t \t \r\n\r\nMicrosoft Windows 2000 Service Pack 4\r\n\t\r\n\r\nMicrosoft Internet Explorer 5.01 Service Pack 4\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nMS07-033\r\n\r\nMicrosoft Windows 2000 Service Pack 4\r\n\t\r\n\r\nMicrosoft Internet Explorer 6 Service Pack 1\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nMS07-033\r\nInternet Explorer 6\t \t \t \t \r\n\r\nWindows XP Service Pack 2\r\n\t\r\n\r\nMicrosoft Internet Explorer 6\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nMS07-033\r\n\r\nWindows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2\r\n\t\r\n\r\nMicrosoft Internet Explorer 6\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\t\r\n\r\nMS07-033\r\n\r\nWindows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2\r\n\t\r\n\r\nMicrosoft Internet Explorer 6\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nModerate\r\n\t\r\n\r\nMS07-033\r\n\r\nWindows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2\r\n\t\r\n\r\nMicrosoft Internet Explorer 6\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nModerate\r\n\t\r\n\r\nMS07-033\r\n\r\nWindows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems\r\n\t\r\n\r\nMicrosoft Internet Explorer 6\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nModerate\r\n\t\r\n\r\nMS07-033\r\nInternet Explorer 7\t \t \t \t \r\n\r\nWindows XP Service Pack 2\r\n\t\r\n\r\nWindows Internet Explorer 7\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\t\r\n\r\nMS07-033\r\n\r\nWindows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2\r\n\t\r\n\r\nWindows Internet Explorer 7\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\t\r\n\r\nMS07-033\r\n\r\nWindows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2\r\n\t\r\n\r\nWindows Internet Explorer 7\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nLow\r\n\t\r\n\r\nMS07-033\r\n\r\nWindows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2\r\n\t\r\n\r\nWindows Internet Explorer 7\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nLow\r\n\t\r\n\r\nMS07-033\r\n\r\nWindows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems\r\n\t\r\n\r\nWindows Internet Explorer 7\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nLow\r\n\t\r\n\r\nMS07-033\r\n\r\nWindows Vista\r\n\t\r\n\r\nWindows Internet Explorer 7\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\t\r\n\r\nMS07-033\r\n\r\nWindows Vista x64 Edition\r\n\t\r\n\r\nWindows Internet Explorer 7\r\n\t\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\t\r\n\r\nMS07-033\r\nTop of sectionTop of section\r\n\t\r\nFrequently Asked Questions (FAQ) Related to This Security Update\r\n\r\nWhat are the known issues that customers may experience when they install this security update? \r\nMicrosoft Knowledge Base Article 937143 documents the currently known issues that customers may experience when they install this security update. The article also documents recommended solutions for these issues.\r\n\r\nWhy does this update address several reported security vulnerabilities? \r\nThis update addresses several vulnerabilities because the modifications for these issues are located in related files. Instead of having to install several updates that are almost the same, customers need to install this update only.\r\n\r\nDoes this update contain any security-related changes that are not Internet Explorer specific? \r\nYes. The changes are listed under the specific vulnerability entries, \u201cActiveX Object Instantiation Memory Corruption Vulnerability - CVE-2007-2216\u201d and \u201cActiveX Object Instantiation Memory Corruption Vulnerability - CVE-2007-3041,\u201d in the next section, Vulnerability Information.\r\n\r\nDoes this update contain any security-related changes to functionality? \r\nYes. Besides the changes that are listed in the \u201cVulnerability Details\u201d section of this bulletin, this update includes the following security-related changes:\r\n\u2022\t\r\n\r\nThis update sets a kill bit for the ActiveX control, ouactrl.ocx, that is out of support:\r\n\u2022\t\r\n\r\n{8936033C-4A50-11D1-98A4-00A0C90F27C6}\r\n\u2022\t\r\n\r\nThis update sets the kill bit for ActiveX controls addressed in previous Microsoft Security Bulletins:\r\n\u2022\t\r\n\r\nThe CAPICOM control addressed in Microsoft Security Bulletin MS07-028: Vulnerability in CAPICOM Could Allow Remote Code Execution (931906):\r\n\u2022\t\r\n\r\n{FBAB033B-CDD0-4C5E-81AB-AEA575CD1338}\r\n\u2022\t\r\n\r\n{17E3A1C3-EA8A-4970-AF29-7F54610B1D4C}\r\n\r\nThis update includes killbits that will prevent the following ActiveX controls from being run in Internet Explorer:\r\n\u2022\t\r\n\r\nThis security update sets a kill bit for the Download Manager ActiveX control, available from Akamai Technologies. Akamai Technologies has released an update that addresses a vulnerability in the affected component. For more information please see, CVE-2007-1892 and CVE-2007-1891. This kill bit is set at the request of the owner of the ActiveX control. The class identifier (CLSID) for this ActiveX control is:\r\n\u2022\t\r\n\r\n{2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B}\r\n\u2022\t\r\n\r\nThis security update sets a kill bit for an ActiveX control available from Lenovo. Lenovo has released a security bulletin and an update that addresses a vulnerability in the effected component. For more information and download locations, see the security bulletin from Lenovo. This kill bit is being set at the request of the owner of the ActiveX control. The class identifiers (CLSID) for this ActiveX control are:\r\n\u2022\t\r\n\r\n{76E5AF9D-2B3E-4FEB-A31F-A9E63A27FA29}\r\n\u2022\t\r\n\r\n{E598AC61-4C6F-4F4D-877F-FAC49CA91FA3}\r\n\u2022\t\r\n\r\nThis security update sets a kill bit for an ActiveX control available from Motive Incorporated. Motive Incorporated has released a security bulletin and an update that addresses a vulnerability in the effected component. For more information and download locations, see the security bulletin from Motive Incorporated. This kill bit is being set at the request of the owner of the ActiveX control. The class identifier (CLSID) for this ActiveX control is:\r\n\u2022\t\r\n\r\n{D256B2D9-9C58-445A-8C38-C3AAA84EF137}\r\n\r\nI am using an older release of the software discussed in this security bulletin. What should I do? \r\nThe affected software listed in this bulletin have been tested to determine which releases are affected. Other releases are past their support life cycle. To determine the support life cycle for your software release, visit Microsoft Support Lifecycle.\r\n\r\nIt should be a priority for customers who have older releases of the software to migrate to supported releases to prevent potential exposure to vulnerabilities. For more information about the Windows Product Lifecycle, visit the following Microsoft Support Lifecycle. For more information about the extended security update support period for these software releases, visit the Microsoft Product Support Services Web site.\r\n\r\nCustomers who require custom support for older software must contact their Microsoft account team representative, their Technical Account Manager, or the appropriate Microsoft partner representative for custom support options. Customers without an Alliance, Premier, or Authorized Contract can contact their local Microsoft sales office. For contact information, visit the Microsoft Worldwide Information Web site, select the country, and then click Go to see a list of telephone numbers. When you call, ask to speak with the local Premier Support sales manager. For more information, see the Windows Operating System Product Support Lifecycle FAQ.\r\nTop of sectionTop of section\r\nVulnerability Information\r\n\t\r\nSeverity Ratings and Vulnerability Identifiers\r\nVulnerability Severity Rating and Maximum Security Impact by Affected Software\r\nAffected Software\tCSS Memory Corruption Vulnerability - CVE-2007-0943\tActiveX Object Vulnerability - CVE-2007-2216\tActiveX Object Memory Corruption Vulnerability - CVE-2007-3041\tAggregate Severity Rating\r\nInternet Explorer 5.01 and Internet Explorer 6 Service Pack 1\t \t \t \t \r\n\r\nInternet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4\r\n\t\r\n\r\nCritical\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\r\nInternet Explorer 6 Service Pack 1 when installed on Microsoft Windows 2000 Service Pack 4\r\n\t\r\n\r\nNone\r\n\t\r\n\r\nCritical\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\nInternet Explorer 6\t \t \t \t \r\n\r\nInternet Explorer 6 for Windows XP Service Pack 2\r\n\t\r\n\r\nNone\r\n\t\r\n\r\nCritical\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\r\nInternet Explorer 6 for Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2\r\n\t\r\n\r\nNone\r\n\t\r\n\r\nCritical\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nCritical\r\n\r\nInternet Explorer 6 for Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2\r\n\t\r\n\r\nNone\r\n\t\r\n\r\nModerate\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nModerate\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nModerate\r\n\r\nInternet Explorer 6 for Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2\r\n\t\r\n\r\nNone\r\n\t\r\n\r\nModerate\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nModerate\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nModerate\r\n\r\nInternet Explorer 6 for Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems\r\n\t\r\n\r\nNone\r\n\t\r\n\r\nModerate\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nModerate\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nModerate\r\nInternet Explorer 7\t \t \t \t \r\n\r\nInternet Explorer 7 for Windows XP Service Pack 2\r\n\t\r\n\r\nNone\r\n\t\r\n\r\nImportant\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\r\nInternet Explorer 7 for Windows XP Professional x64 Edition and Windows XP Professional x64 Edition Service Pack 2\r\n\t\r\n\r\nNone\r\n\t\r\n\r\nImportant\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\r\nInternet Explorer 7 for Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack 2\r\n\t\r\n\r\nNone\r\n\t\r\n\r\nLow\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nLow\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nLow\r\n\r\nInternet Explorer 7 for Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition Service Pack 2\r\n\t\r\n\r\nNone\r\n\t\r\n\r\nLow\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nLow\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nLow\r\n\r\nInternet Explorer 7 for Windows Server 2003 with SP1 for Itanium-based Systems and Windows Server 2003 with SP2 for Itanium-based Systems\r\n\t\r\n\r\nNone\r\n\t\r\n\r\nLow\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nLow\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nLow\r\n\r\nInternet Explorer 7 in Windows Vista\r\n\t\r\n\r\nNone\r\n\t\r\n\r\nImportant\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\r\nInternet Explorer 7 in Windows Vista x64 Edition\r\n\t\r\n\r\nNone\r\n\t\r\n\r\nImportant\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\n\r\nRemote Code Execution\r\n\t\r\n\r\nImportant\r\nTop of sectionTop of section\r\n\t\r\nCSS Memory Corruption Vulnerability - CVE-2007-0943\r\n\r\nA remote code execution vulnerability exists in the way Internet Explorer parses certain strings in CSS. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged on user..\r\n\r\nTo view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, see CVE-2007-0943.\r\n\t\r\nMitigating Factors for CSS Memory Corruption Vulnerability - CVE-2007-0943\r\n\r\nMitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors may be helpful in your situation:\r\n\u2022\t\r\n\r\nIn a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability. In addition, compromised Web sites and Web sites that accept or host user-provided content or advertisements could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to persuade users to visit the Web site, typically by getting them to click a link in an e-mail message or Instant Messenger message that takes users to the attacker's Web site.\r\n\u2022\t\r\n\r\nAn attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\r\n\u2022\t\r\n\r\nInternet Explorer 6 and 7 are not affected by this vulnerability.\r\nTop of sectionTop of section\r\n\t\r\nWorkarounds for CSS Memory Corruption Vulnerability - CVE-2007-0943\r\n\r\nWe have not identified any workarounds for this vulnerability.\r\nTop of sectionTop of section\r\n\t\r\nFAQ for CSS Memory Corruption Vulnerability - CVE-2007-0943\r\n\r\nWhat is the scope of the vulnerability? \r\nThis is a remote code execution vulnerability. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged on user.\r\n\r\nWhat causes the vulnerability? \r\nWhen Internet Explorer parses certain CSS strings under certain conditions, memory may be corrupted in such a way that an attacker could execute arbitrary code in the context of the logged-on user.\r\n\r\nWhat might an attacker use the vulnerability to do? \r\nAn attacker who successfully exploited this vulnerability could gain the same user rights as the logged on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\r\n\r\nHow could an attacker exploit the vulnerability? \r\nAn attacker could host a specially crafted Web site that is designed to exploit this vulnerability and then persuade a user to view the Web site. This can also include compromised Web sites and Web sites that accept or host user-provided content or advertisements. These Web sites could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to persuade users to visit the Web site, typically by getting them to click a link in an e-mail message or in an Instant Messenger request that takes users to the attacker's Web site. It could also be possible to display specially crafted Web content by using banner advertisements or by using other methods to deliver Web content to affected systems.\r\n\r\nWhat systems are primarily at risk from the vulnerability? \r\nThis vulnerability requires that a user is logged on and visits a Web site for any malicious action to occur. Therefore, any systems where Internet Explorer is used frequently, such as workstations or terminal servers, are at the most risk from this vulnerability.\r\n\r\nWhat is CSS? \r\nCSS or Cascading Style Sheets is a formatting method for Web pages using HTML. For more information about CSS, visit the Microsoft TechNet Web site.\r\n\r\nWhat does the update do? \r\nThe update prevents memory corruption when Internet Explorer parses CSS text.\r\n\r\nWhen this security bulletin was issued, had this vulnerability been publicly disclosed? \r\nNo. Microsoft received information about this vulnerability through responsible disclosure.\r\n\r\nWhen this security bulletin was issued, had Microsoft received any reports that this vulnerability was being exploited? \r\nNo. Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers and had not seen any examples of proof of concept code published when this security bulletin was originally issued.\r\nTop of sectionTop of section\r\nTop of sectionTop of section\r\n\t\r\nActiveX Object Vulnerability - CVE-2007-2216\r\n\r\nA remote code execution vulnerability exists in the ActiveX control, tblinf32.dll. This control can also be found under the name of vstlbinf.dll. Both of these components were never intended to be supported in Internet Explorer. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could potentially allow remote code execution if a user visited the Web page. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged on user.\r\n\r\nTo view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, see CVE-2007-2216.\r\n\t\r\nMitigating Factors for ActiveX Object Vulnerability - CVE-2007-2216\r\n\r\nMitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors may be helpful in your situation:\r\n\u2022\t\r\n\r\nIn a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability In addition, compromised Web sites and Web sites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail or Instant Messenger message that takes users to the attacker's Web site.\r\n\u2022\t\r\n\r\nAn attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\r\nTop of sectionTop of section\r\n\t\r\nWorkarounds for ActiveX Object Vulnerability - CVE-2007-2216\r\n\r\nWorkaround refers to a setting or configuration change that does not correct the underlying vulnerability but would help block known attack vectors before you apply the update. Microsoft has tested the following workarounds and states in the discussion whether a workaround reduces functionality:\r\n\u2022\t\r\n\r\nPrevent COM objects from running in Internet Explorer\r\n\r\nYou can disable attempts to instantiate a COM object in Internet Explorer by setting the kill bit for the control in the registry.\r\n\r\nWarning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.\r\n\r\nFor detailed steps that you can use to prevent a control from running in Internet Explorer, see Microsoft Knowledge Base Article 240797. Follow these steps in this article to create a Compatibility Flags value in the registry to prevent a COM object from being instantiated in Internet Explorer.\r\n\r\nNote The Class Identifiers and corresponding files where the COM objects are contained are documented under \u201cWhat does the update do?\u201d in the \u201cFAQ for ActiveX Object Vulnerability - CVE-2007-2216\u201d subsection. Replace {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX} below with the Class Identifiers found in that FAQ subsection.\r\n\r\nTo set the kill bit for a CLSID with a value of {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}, paste the following text in a text editor such as Notepad. Then, save the file by using the .reg file name extension.\r\n\r\n[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{ XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX }]\r\n"Compatibility Flags"=dword:00000400\r\n\r\nYou can apply this .reg file to individual systems by double-clicking it. You can also apply it across domains by using Group Policy. For more information about Group Policy, visit the following Microsoft Web sites:\r\n\u2022\t\r\n\r\nGroup Policy collection\r\n\u2022\t\r\n\r\nWhat is Group Policy Object Editor?\r\n\u2022\t\r\n\r\nCore Group Policy tools and settings\r\n\r\nNote You must restart Internet Explorer for your changes to take effect.\r\n\r\nImpact of Workaround: There is no impact as long as the object is not intended to be used in Internet Explorer.\r\n\u2022\t\r\n\r\nSet Internet and Local intranet security zone settings to \u201cHigh\u201d to prompt before running ActiveX Controls and Active Scripting in these zones\r\n\r\nYou can help protect against this vulnerability by changing your settings for the Internet security zone to prompt before running ActiveX controls. You can do this by setting your browser security to High.\r\n\r\nTo raise the browsing security level in Microsoft Internet Explorer, follow these steps:\r\n\r\n1.\r\n\t\r\n\r\nOn the Internet Explorer Tools menu, click Internet Options.\r\n\r\n2.\r\n\t\r\n\r\nIn the Internet Options dialog box, click the Security tab, and then click the Internet icon.\r\n\r\n3.\r\n\t\r\n\r\nUnder Security level for this zone, move the slider to High. This sets the security level for all Web sites you visit to High.\r\n\r\nNote If no slider is visible, click Default Level, and then move the slider to High.\r\n\r\nNote Setting the level to High may cause some Web sites to work incorrectly. If you have difficulty using a Web site after you change this setting, and you are sure the site is safe to use, you can add that site to your list of trusted sites. This will allow the site to work correctly even with the security setting set to High.\r\n\r\nImpact of workaround: There are side effects to prompting before running ActiveX Controls and Active Scripting. Many Web sites that are on the Internet or on an intranet use ActiveX or Active Scripting to provide additional functionality. For example, an online e-commerce site or banking site may use ActiveX Controls to provide menus, ordering forms, or even account statements. Prompting before running ActiveX Controls or Active Scripting is a global setting that affects all Internet and intranet sites. You will be prompted frequently when you enable this workaround. For each prompt, if you feel you trust the site that you are visiting, click Yes to run ActiveX Controls or Active Scripting. If you do not want to be prompted for all these sites, use the steps outlined in "Add sites that you trust to the Internet Explorer Trusted sites zone\u201d.\r\n\r\nAdd sites that you trust to the Internet Explorer Trusted sites zone\r\n\r\nAfter you set Internet Explorer to require a prompt before it runs ActiveX controls and Active Scripting in the Internet zone and in the Local intranet zone, you can add sites that you trust to the Internet Explorer Trusted sites zone. This will allow you to continue to use trusted Web sites exactly as you do today, while helping to protect you from this attack on untrusted sites. We recommend that you add only sites that you trust to the Trusted sites zone.\r\n\r\nTo do this, follow these steps:\r\n\r\n1.\r\n\t\r\n\r\nIn Internet Explorer, click Tools, click Internet Options, and then click the Security tab.\r\n\r\n2.\r\n\t\r\n\r\nIn the Select a Web content zone to specify its current security settings box, click Trusted Sites, and then click Sites.\r\n\r\n3.\r\n\t\r\n\r\nIf you want to add sites that do not require an encrypted channel, click to clear the Require server verification (https:) for all sites in this zone check box.\r\n\r\n4.\r\n\t\r\n\r\nIn the Add this Web site to the zone box, type the URL of a site that you trust, and then click Add.\r\n\r\n5.\r\n\t\r\n\r\nRepeat these steps for each site that you want to add to the zone.\r\n\r\n6.\r\n\t\r\n\r\nClick OK two times to accept the changes and return to Internet Explorer.\r\n\r\nNote Add any sites that you trust not to take malicious action on your computer. Two in particular that you may want to add are *.windowsupdate.microsoft.com and *.update.microsoft.com. These are the sites that will host the update, and it requires an ActiveX Control to install the update.\r\nTop of sectionTop of section\r\n\t\r\nFAQ for ActiveX Object Vulnerability - CVE-2007-2216\r\n\r\nWhat is the scope of the vulnerability? \r\nThis is a remote code execution vulnerability. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged on user.\r\n\r\nWhat causes the vulnerability? \r\nThe control implemented IObjectsafety incorrectly. For more information about IObjectsafety, visit the Microsoft TechNet Web site\r\n\r\nWhat might an attacker use the vulnerability to do? \r\nAn attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\r\n\r\nHow could an attacker exploit the vulnerability? \r\nAn attacker could host a specially crafted Web site that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the Web site. This can also include compromised Web sites and Web sites that accept or host user-provided content or advertisements. These Web sites could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or in an Instant Messenger request that takes users to the attacker's Web site. It could also be possible to display specially crafted Web content by using banner advertisements or by using other methods to deliver Web content to affected systems.\r\n\r\nWhat systems are primarily at risk from the vulnerability? \r\nThis vulnerability requires that a user be logged on and visit a Web site for any malicious action to occur. Therefore, any systems where Internet Explorer is used frequently, such as workstations or terminal servers, are at the most risk from this vulnerability.\r\n\r\nWhat is the ActiveX opt-in feature in Windows Internet Explorer 7? \r\nWindows Internet Explorer 7 includes an ActiveX opt-in feature, which means that nearly all pre-installed ActiveX controls are off by default. Users are prompted by the Information Bar before they can instantiate a previously installed ActiveX control that has not yet been used on the Internet. This enables a user to permit or deny access on a control-by-control basis. For more information about this and other new features, see the Windows Internet Explorer 7 features page.\r\n\r\nWhat does the update do? \r\nThis update sets the kill bit for a list of Class Identifiers (CLSIDs).\r\n\r\nThe Class Identifiers are as follows:\r\nClass Identifier\tSoftware\r\n\r\n{8B217746-717D-11CE-AB5B-D41203C10000}\r\n\t\r\n\r\nMicrosoft Visual Basic 6\r\n\r\n{8B217752-717D-11CE-AB5B-D41203C10000}\r\n\t\r\n\r\nMicrosoft Visual Basic 6\r\n\r\n{8B21775E-717D-11CE-AB5B-D41203C10000}\r\n\t\r\n\r\nMicrosoft Visual Basic 6\r\n\r\nWhen this security bulletin was issued, had this vulnerability been publicly disclosed? \r\nNo. Microsoft received information about this vulnerability through responsible disclosure.\r\n\r\nWhen this security bulletin was issued, had Microsoft received any reports that this vulnerability was being exploited? \r\nNo. Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers and had not seen any examples of proof of concept code published when this security bulletin was originally issued.\r\nTop of sectionTop of section\r\nTop of sectionTop of section\r\n\t\r\nActiveX Object Memory Corruption Vulnerability - CVE-2007-3041\r\n\r\nA remote code execution vulnerability exists in the ActiveX object, pdwizard.ocx. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged on user.\r\n\r\nTo view this vulnerability as a standard entry in the Common Vulnerabilities and Exposures list, see CVE-2007-3041.\r\n\t\r\nMitigating Factors for ActiveX Object Memory Corruption Vulnerability - CVE-2007-3041\r\n\r\nMitigation refers to a setting, common configuration, or general best-practice, existing in a default state, that could reduce the severity of exploitation of a vulnerability. The following mitigating factors may be helpful in your situation:\r\n\u2022\t\r\n\r\nIn a Web-based attack scenario, an attacker could host a Web site that contains a Web page that is used to exploit this vulnerability In addition, compromised Web sites and Web sites that accept or host user-provided content could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail or Instant Messenger message that takes users to the attacker's Web site.\r\n\u2022\t\r\n\r\nAn attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\r\nTop of sectionTop of section\r\n\t\r\nWorkarounds for ActiveX Object Memory Corruption Vulnerability - CVE-2007-3041\r\n\r\nWorkaround refers to a setting or configuration change that does not correct the underlying vulnerability but would help block known attack vectors before you apply the update. Microsoft has tested the following workarounds and states in the discussion whether a workaround reduces functionality:\r\n\u2022\t\r\n\r\nPrevent COM objects from running in Internet Explorer\r\n\r\nYou can disable attempts to instantiate a COM object in Internet Explorer by setting the kill bit for the control in the registry.\r\n\r\nWarning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.\r\n\r\nFor detailed steps that you can use to prevent a control from running in Internet Explorer, see Microsoft Knowledge Base Article 240797. Follow these steps in this article to create a Compatibility Flags value in the registry to prevent a COM object from being instantiated in Internet Explorer.\r\n\r\nNote The Class Identifiers and corresponding files where the COM objects are contained are documented under \u201cWhat does the update do?\u201d in the \u201cFAQ for ActiveX Object Memory Corruption Vulnerability - CVE-2007-3041\u201d subsection. Replace {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX} below with the Class Identifiers found in this section.\r\n\r\nTo set the kill bit for a CLSID with a value of {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}, paste the following text in a text editor such as Notepad. Then, save the file by using the .reg file name extension.\r\n\r\n\r\n[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{ XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX }]\r\n"Compatibility Flags"=dword:00000400\r\n\r\nYou can apply this .reg file to individual systems by double-clicking it. You can also apply it across domains by using Group Policy. For more information about Group Policy, visit the following Microsoft Web sites:\r\n\u2022\t\r\n\r\nGroup Policy collection\r\n\u2022\t\r\n\r\nWhat is Group Policy Object Editor?\r\n\u2022\t\r\n\r\nCore Group Policy tools and settings\r\n\r\nNote You must restart Internet Explorer for your changes to take effect.\r\n\r\nImpact of Workaround: There is no impact as long as the object is not intended to be used in Internet Explorer.\r\n\u2022\t\r\n\r\nSet Internet and Local intranet security zone settings to \u201cHigh\u201d to prompt before running ActiveX Controls and Active Scripting in these zones\r\n\r\nYou can help protect against this vulnerability by changing your settings for the Internet security zone to prompt before running ActiveX controls. You can do this by setting your browser security to High.\r\n\r\nTo raise the browsing security level in Microsoft Internet Explorer, follow these steps:\r\n\r\n1.\r\n\t\r\n\r\nOn the Internet Explorer Tools menu, click Internet Options.\r\n\r\n2.\r\n\t\r\n\r\nIn the Internet Options dialog box, click the Security tab, and then click the Internet icon.\r\n\r\n3.\r\n\t\r\n\r\nUnder Security level for this zone, move the slider to High. This sets the security level for all Web sites you visit to High.\r\n\r\nNote If no slider is visible, click Default Level, and then move the slider to High.\r\n\r\nNote Setting the level to High may cause some Web sites to work incorrectly. If you have difficulty using a Web site after you change this setting, and you are sure the site is safe to use, you can add that site to your list of trusted sites. This will allow the site to work correctly even with the security setting set to High.\r\n\r\nImpact of workaround: There are side effects to prompting before running ActiveX Controls and Active Scripting. Many Web sites that are on the Internet or on an intranet use ActiveX or Active Scripting to provide additional functionality. For example, an online e-commerce site or banking site may use ActiveX Controls to provide menus, ordering forms, or even account statements. Prompting before running ActiveX Controls or Active Scripting is a global setting that affects all Internet and intranet sites. You will be prompted frequently when you enable this workaround. For each prompt, if you feel you trust the site that you are visiting, click Yes to run ActiveX Controls or Active Scripting. If you do not want to be prompted for all these sites, use the steps outlined in "Add sites that you trust to the Internet Explorer Trusted sites zone\u201d.\r\n\r\nAdd sites that you trust to the Internet Explorer Trusted sites zone\r\n\r\nAfter you set Internet Explorer to require a prompt before it runs ActiveX controls and Active Scripting in the Internet zone and in the Local intranet zone, you can add sites that you trust to the Internet Explorer Trusted sites zone. This will allow you to continue to use trusted Web sites exactly as you do today, while helping to protect you from this attack on untrusted sites. We recommend that you add only sites that you trust to the Trusted sites zone.\r\n\r\nTo do this, follow these steps:\r\n\r\n1.\r\n\t\r\n\r\nIn Internet Explorer, click Tools, click Internet Options, and then click the Security tab.\r\n\r\n2.\r\n\t\r\n\r\nIn the Select a Web content zone to specify its current security settings box, click Trusted Sites, and then click Sites.\r\n\r\n3.\r\n\t\r\n\r\nIf you want to add sites that do not require an encrypted channel, click to clear the Require server verification (https:) for all sites in this zone check box.\r\n\r\n4.\r\n\t\r\n\r\nIn the Add this Web site to the zone box, type the URL of a site that you trust, and then click Add.\r\n\r\n5.\r\n\t\r\n\r\nRepeat these steps for each site that you want to add to the zone.\r\n\r\n6.\r\n\t\r\n\r\nClick OK two times to accept the changes and return to Internet Explorer.\r\n\r\nNote Add any sites that you trust not to take malicious action on your computer. Two in particular that you may want to add are *.windowsupdate.microsoft.com and *.update.microsoft.com. These are the sites that will host the update, and it requires an ActiveX Control to install the update.\r\nTop of sectionTop of section\r\n\t\r\nFAQ for ActiveX Object Memory Corruption Vulnerability - CVE-2007-3041\r\n\r\nWhat is the scope of the vulnerability? \r\nThis is a remote code execution vulnerability. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged on user.\r\n\r\nWhat causes the vulnerability? \r\nWhen the ActiveX object is used in Internet Explorer, the objects may corrupt the system state in such a way that an attacker could execute arbitrary code.\r\n\r\nWhat might an attacker use the vulnerability to do? \r\nAn attacker who successfully exploited this vulnerability could gain the same user rights as the logged on user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.\r\n\r\nHow could an attacker exploit the vulnerability? \r\nAn attacker could host a specially crafted Web site that is designed to exploit this vulnerability through Internet Explorer and then convince a user to view the Web site. This can also include compromised Web sites and Web sites that accept or host user-provided content or advertisements. These Web sites could contain specially crafted content that could exploit this vulnerability. In all cases, however, an attacker would have no way to force users to visit these Web sites. Instead, an attacker would have to convince users to visit the Web site, typically by getting them to click a link in an e-mail message or in an Instant Messenger request that takes users to the attacker's Web site. It could also be possible to display specially crafted Web content by using banner advertisements or by using other methods to deliver Web content to affected systems.\r\n\r\nWhat systems are primarily at risk from the vulnerability? \r\nThis vulnerability requires that a user be logged on and visit a Web site for any malicious action to occur. Therefore, any systems where Internet Explorer is used frequently, such as workstations or terminal servers, are at the most risk from this vulnerability.\r\n\r\nWhat is the ActiveX opt-in feature in Windows Internet Explorer 7? \r\nWindows Internet Explorer 7 includes an ActiveX opt-in feature, which means that nearly all pre-installed ActiveX controls are off by default. Users are prompted by the Information Bar before they can instantiate a previously installed ActiveX control that has not yet been used on the Internet. This enables a user to permit or deny access on a control-by-control basis. For more information about this and other new features, see the Windows Internet Explorer 7 features page.\r\n\r\nWhat does the update do? \r\nThis update sets the kill bit for a list of Class Identifier (CLSIDs).\r\n\r\nThe Class Identifier is as follows:\r\nClass Identifier\tSoftware\r\n\r\n{0DDF3B5C-E692-11D1-AB06-00AA00BDD685}\r\n\t\r\n\r\nMicrosoft Visual Basic 6.0\r\n\r\nWhen this security bulletin was issued, had this vulnerability been publicly disclosed? \r\nNo. Microsoft received information about this vulnerability through responsible disclosure.\r\n\r\nWhen this security bulletin was issued, had Microsoft received any reports that this vulnerability was being exploited? \r\nNo. Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers and had not seen any examples of proof of concept code published when this security bulletin was originally issued\r\n\r\nOther Information\r\n\r\nAcknowledgments\r\n\r\nMicrosoft thanks the following for working with us to help protect customers:\r\n\u2022\t\r\n\r\nNSFocus Security Team for reporting the CSS Memory Corruption Vulnerability - CVE-2007-0943.\r\n\u2022\t\r\n\r\nBrett Moore of Security-Assessment.com for reporting the ActiveX Object Vulnerability - CVE-2007-2216.\r\n\r\nSupport\r\n\u2022\t\r\n\r\nCustomers in the U.S. and Canada can receive technical support from Microsoft Product Support Services at 1-866-PCSAFETY. There is no charge for support calls that are associated with security updates.\r\n\u2022\t\r\n\r\nInternational customers can receive support from their local Microsoft subsidiaries. There is no charge for support that is associated with security updates. For more information about how to contact Microsoft for support issues, visit the International Support Web site.\r\n\r\nDisclaimer\r\n\r\nThe information provided in the Microsoft Knowledge Base is provided "as is" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.\r\nTop of sectionTop of section\r\nRevisions\r\n\u2022\t\r\n\r\nV1.0 (August 14, 2007): Bulletin published.", "cvss3": {}, "published": "2007-08-14T00:00:00", "type": "securityvulns", "title": "Microsoft Security Bulletin MS07-045 - Critical Cumulative Security Update for Internet Explorer (937143)", "bulletinFamily": "software", "hackapp": {}, "cvss2": {}, "cvelist": ["CVE-2007-1892", "CVE-2007-0943", "CVE-2007-2216", "CVE-2007-1891", "CVE-2007-3041"], "modified": "2007-08-14T00:00:00", "id": "SECURITYVULNS:DOC:17788", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:17788", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-07-20T08:49:08", "description": "Unspecified vulnerability in the pdwizard.ocx ActiveX object for \n Internet Explorer 5.01, 6 SP1, and 7 allows remote attackers to execute \n arbitrary code via unknown vectors related to Microsoft Visual Basic 6\n objects and memory corruption, aka ActiveX Object Memory Corruption \n Vulnerability.", "cvss3": {}, "published": "2010-07-08T00:00:00", "type": "openvas", "title": "Cumulative Security Update for Internet Explorer (937143)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-0943", "CVE-2007-2216", "CVE-2007-3041"], "modified": "2017-07-05T00:00:00", "id": "OPENVAS:102058", "href": "http://plugins.openvas.org/nasl.php?oid=102058", "sourceData": "###################################################################\n# OpenVAS Network Vulnerability Test\n#\n# Cumulative Security Update for Internet Explorer (937143)\n#\n# LSS-NVT-2010-047\n#\n# Developed by LSS Security Team <http://security.lss.hr>\n#\n# Copyright (C) 2009 LSS <http://www.lss.hr>\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public\n# License along with this program. If not, see\n# <http://www.gnu.org/licenses/>.\n###################################################################\n\ntag_solution = \"Run Windows Update or apply patches available from the following\n website:\n http://www.microsoft.com/technet/security/bulletin/ms07-045.mspx\";\ntag_summary = \"Unspecified vulnerability in the pdwizard.ocx ActiveX object for \n Internet Explorer 5.01, 6 SP1, and 7 allows remote attackers to execute \n arbitrary code via unknown vectors related to Microsoft Visual Basic 6\n objects and memory corruption, aka ActiveX Object Memory Corruption \n Vulnerability.\";\n\nif(description)\n{\n script_id(102058);\n script_version(\"$Revision: 6527 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-05 07:56:34 +0200 (Wed, 05 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2010-07-08 10:59:30 +0200 (Thu, 08 Jul 2010)\");\n script_bugtraq_id(25288, 25289, 25295);\n script_cve_id(\"CVE-2007-0943\", \"CVE-2007-2216\", \"CVE-2007-3041\");\n script_name(\"Cumulative Security Update for Internet Explorer (937143)\");\n script_xref(name : \"URL\" , value : \"http://www.nsfocus.com/english/homepage/research/0701.htm\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 LSS\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"gb_ms_ie_detect.nasl\");\n script_mandatory_keys(\"MS/IE/Version\");\n script_require_ports(139, 445);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win2k:5 ,xp:4 ,win2003:3 ,vista:3) <= 0){\n exit(0);\n}\n\nieVer = get_kb_item(\"MS/IE/Version\");\nif(!ieVer){\n exit(0);\n}\n\n# MS07-045 Hotfix (937143)\nif(hotfix_missing(name:\"937143\") == 0){\n exit(0);\n}\naffected=0;\n\ndllPath = registry_get_sz(item:\"Install Path\",\n key:\"SOFTWARE\\Microsoft\\COM3\\Setup\");\ndllPath += \"\\mshtml.dll\";\nshare = ereg_replace(pattern:\"([A-Z]):.*\", replace:\"\\1$\", string:dllPath);\nfile = ereg_replace(pattern:\"[A-Z]:(.*)\", replace:\"\\1\", string:dllPath);\n\nvers = GetVer(file:file, share:share);\nif(!vers){\n exit(0);\n}\n\n#CVE-2007-0943, CVE-2007-2216, CVE-2007-3041\nif(hotfix_check_sp(win2k:5) > 0)\n{\n SP = get_kb_item(\"SMB/Win2K/ServicePack\");\n if(\"Service Pack 4\" >< SP)\n {\n if(version_in_range(version:vers, test_version:\"6.0\",\n test_version2:\"6.0.2800.1597\") ||\n version_in_range(version:vers, test_version:\"5.0\",\n test_version2:\"5.0.3854.1200\")){\n security_message(0); exit(0);\n }\n }\n\n}\nelse if(hotfix_check_sp(xp:4) > 0)\n{\n SP = get_kb_item(\"SMB/WinXP/ServicePack\");\n if(\"Service Pack 2\" >< SP)\n {\n if(version_in_range(version:vers, test_version:\"6.0\",\n test_version2:\"6.0.2900.3157\") ||\n\t version_in_range(version:vers, test_version:\"7.0\",\n test_version2:\"7.0.6000.16525\")){\n security_message(0); exit(0);\n }\n }\n \n}\n\nelse if(hotfix_check_sp(win2003:3) > 0)\n{\n SP = get_kb_item(\"SMB/Win2003/ServicePack\");\n if(\"Service Pack 1\" >< SP)\n {\n if(version_in_range(version:vers, test_version:\"6.0\",\n test_version2:\"6.0.3790.2954\") ||\n\t version_in_range(version:vers, test_version:\"7.0\",\n test_version2:\"7.0.6000.16525\")){\n security_message(0); exit(0);\n }\n }\n else if(\"Service Pack 2\" >< SP)\n {\n\n if(version_in_range(version:vers, test_version:\"6.0\",\n test_version2:\"6.0.2900.3157\") ||\n version_in_range(version:vers, test_version:\"6.0\",\n test_version2:\"6.0.3790.4106\") ||\n version_in_range(version:vers, test_version:\"7.0\",\n test_version2:\"7.0.6000.16525\")){\n security_message(0); exit(0);\n }\n }\n}\n\nelse if(hotfix_check_sp(vista:2) > 0)\n{\n SP = get_kb_item(\"SMB/WinVista/ServicePack\");\n if(\"Service Pack 0\" >< SP)\n {\n if(version_in_range(version:vers, test_version:\"7.0\",\n test_version2:\"7.0.6000.16527\")){\n security_message(0); exit(0);\n }\n } \n}\n\n", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2020-02-18T17:00:45", "description": "Unspecified vulnerability in the pdwizard.ocx ActiveX object for\n Internet Explorer 5.01, 6 SP1, and 7 allows remote attackers to execute\n arbitrary code via unknown vectors related to Microsoft Visual Basic 6\n objects and memory corruption, aka ActiveX Object Memory Corruption\n Vulnerability.", "cvss3": {}, "published": "2010-07-08T00:00:00", "type": "openvas", "title": "Cumulative Security Update for Internet Explorer (937143)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-0943", "CVE-2007-2216", "CVE-2007-3041"], "modified": "2020-02-17T00:00:00", "id": "OPENVAS:1361412562310102058", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310102058", "sourceData": "##############################################################################\n# OpenVAS Vulnerability Test\n# Cumulative Security Update for Internet Explorer (937143)\n#\n# Copyright (C) 2010 LSS <http://www.lss.hr>\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public\n# License along with this program. If not, see\n# <http://www.gnu.org/licenses/>.\n###################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.102058\");\n script_version(\"2020-02-17T07:29:25+0000\");\n script_tag(name:\"last_modification\", value:\"2020-02-17 07:29:25 +0000 (Mon, 17 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2010-07-08 10:59:30 +0200 (Thu, 08 Jul 2010)\");\n script_bugtraq_id(25288, 25289, 25295);\n script_cve_id(\"CVE-2007-0943\", \"CVE-2007-2216\", \"CVE-2007-3041\");\n script_name(\"Cumulative Security Update for Internet Explorer (937143)\");\n script_xref(name:\"URL\", value:\"http://www.nsfocus.com/english/homepage/research/0701.htm\");\n script_xref(name:\"URL\", value:\"https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-045\");\n script_tag(name:\"qod_type\", value:\"executable_version\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2010 LSS\");\n script_family(\"Windows : Microsoft Bulletins\");\n script_dependencies(\"gb_ms_ie_detect.nasl\");\n script_require_ports(139, 445);\n script_mandatory_keys(\"MS/IE/Version\");\n\n script_tag(name:\"solution\", value:\"The vendor has released updates. Please see the references for more information.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_tag(name:\"summary\", value:\"Unspecified vulnerability in the pdwizard.ocx ActiveX object for\n Internet Explorer 5.01, 6 SP1, and 7 allows remote attackers to execute\n arbitrary code via unknown vectors related to Microsoft Visual Basic 6\n objects and memory corruption, aka ActiveX Object Memory Corruption\n Vulnerability.\");\n\n exit(0);\n}\n\ninclude(\"smb_nt.inc\");\ninclude(\"secpod_reg.inc\");\ninclude(\"version_func.inc\");\ninclude(\"secpod_smb_func.inc\");\n\nif(hotfix_check_sp(win2k:5 ,xp:4 ,win2003:3 ,vista:3) <= 0)\n exit(0);\n\nieVer = get_kb_item(\"MS/IE/Version\");\nif(!ieVer)\n exit(0);\n\n# MS07-045 Hotfix (937143)\nif(hotfix_missing(name:\"937143\") == 0)\n exit(0);\n\ndllPath = registry_get_sz(item:\"Install Path\", key:\"SOFTWARE\\Microsoft\\COM3\\Setup\");\ndllPath += \"\\mshtml.dll\";\nshare = ereg_replace(pattern:\"([A-Z]):.*\", replace:\"\\1$\", string:dllPath);\nfile = ereg_replace(pattern:\"[A-Z]:(.*)\", replace:\"\\1\", string:dllPath);\n\nvers = GetVer(file:file, share:share);\nif(!vers)\n exit(0);\n\n#CVE-2007-0943, CVE-2007-2216, CVE-2007-3041\nif(hotfix_check_sp(win2k:5) > 0)\n{\n SP = get_kb_item(\"SMB/Win2K/ServicePack\");\n if(\"Service Pack 4\" >< SP)\n {\n if(version_in_range(version:vers, test_version:\"6.0\", test_version2:\"6.0.2800.1597\") ||\n version_in_range(version:vers, test_version:\"5.0\", test_version2:\"5.0.3854.1200\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);\n }\n }\n}\nelse if(hotfix_check_sp(xp:4) > 0)\n{\n SP = get_kb_item(\"SMB/WinXP/ServicePack\");\n if(\"Service Pack 2\" >< SP)\n {\n if(version_in_range(version:vers, test_version:\"6.0\", test_version2:\"6.0.2900.3157\") ||\n version_in_range(version:vers, test_version:\"7.0\", test_version2:\"7.0.6000.16525\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);\n }\n }\n}\n\nelse if(hotfix_check_sp(win2003:3) > 0)\n{\n SP = get_kb_item(\"SMB/Win2003/ServicePack\");\n if(\"Service Pack 1\" >< SP)\n {\n if(version_in_range(version:vers, test_version:\"6.0\", test_version2:\"6.0.3790.2954\") ||\n version_in_range(version:vers, test_version:\"7.0\", test_version2:\"7.0.6000.16525\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);\n }\n }\n else if(\"Service Pack 2\" >< SP)\n {\n if(version_in_range(version:vers, test_version:\"6.0\", test_version2:\"6.0.2900.3157\") ||\n version_in_range(version:vers, test_version:\"6.0\", test_version2:\"6.0.3790.4106\") ||\n version_in_range(version:vers, test_version:\"7.0\", test_version2:\"7.0.6000.16525\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);\n }\n }\n}\n\nelse if(hotfix_check_sp(vista:2) > 0)\n{\n SP = get_kb_item(\"SMB/WinVista/ServicePack\");\n if(\"Service Pack 0\" >< SP)\n {\n if(version_in_range(version:vers, test_version:\"7.0\", test_version2:\"7.0.6000.16527\")){\n security_message( port: 0, data: \"The target host was found to be vulnerable\" ); exit(0);\n }\n }\n}\n\nexit(99);\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "mskb": [{"lastseen": "2021-01-01T22:38:00", "description": "<html><body><p>Resolves two vulnerabilities by setting the kill bit for ActiveX objects. Addresses the third vulnerability by modifying the way that Internet Explorer handles certain strings in CSS files.</p><h2></h2><div class=\"kb-notice-section section\">The update that this article describes has been replaced by a newer update. To resolve this problem, install the most current cumulative security update for Internet Explorer. To install the most current update, visit the following Microsoft Web site:<div class=\"indent\"><a href=\"http://update.microsoft.com\" id=\"kb-link-1\" target=\"_self\">http://update.microsoft.com</a></div>For more technical information about the most current cumulative security update for Internet Explorer, visit the following Microsoft Web site:<div class=\"indent\"><a href=\"http://www.microsoft.com/technet/security/current.aspx\" id=\"kb-link-2\" target=\"_self\">http://www.microsoft.com/technet/security/current.aspx</a></div></div><h2>INTRODUCTION</h2><div class=\"kb-summary-section section\">Microsoft has released security bulletin MS07-045. The security bulletin contains all the relevant information about the security update. This information includes file manifest information and deployment options. To view the complete security bulletin, visit one of the following Microsoft Web sites: <ul class=\"sbody-free_list\"><li>Home users:<div class=\"indent\"><a href=\"http://www.microsoft.com/protect/computer/updates/bulletins/200708.mspx\" id=\"kb-link-3\" target=\"_self\">http://www.microsoft.com/protect/computer/updates/bulletins/200708.mspx</a></div></li><li>IT professionals:<div class=\"indent\"><a href=\"http://www.microsoft.com/technet/security/bulletin/ms07-045.mspx\" id=\"kb-link-4\" target=\"_self\">http://www.microsoft.com/technet/security/bulletin/ms07-045.mspx</a></div></li></ul></div><h2></h2><div class=\"kb-moreinformation-section section\"><h3 class=\"sbody-h3\">Known issues with this security update</h3><ul class=\"sbody-free_list\"><li>Controls that prompt before they are loaded<br/><br/><span class=\"text-base\">Note</span> This issue occurs on Web sites that do not use the recommended techniques. This issue is resolved by using the techniques that are described on the following Microsoft Web site:<div class=\"indent\"><a href=\"http://msdn.microsoft.com/en-us/ie/default.aspx\" id=\"kb-link-5\" target=\"_self\">http://msdn.microsoft.com/en-us/ie/default.aspx</a></div>When certain controls are loaded on a Web page, the controls are not correctly masked by the functionality of this update. These controls include controls that are used in Macromedia Shockwave Director, in QuickTime Player, and in Virtools Web Player. When Windows determines that a control is inactive, the system prompts the user before the control is loaded.<br/></li><li>In Windows XP with Service Pack 2 (SP2) and in Windows Server 2003 with Service Pack 1 (SP1), the <span class=\"text-base\">Add or Remove Programs</span> item in Control Panel lists software updates. These software updates are listed under the name of the product to which the updates apply. In Windows XP with SP2, <span class=\"text-base\">Add or Remove Programs</span> lists this update under <strong class=\"uiterm\">Windows XP - Software Updates</strong>.<br/></li><li>Using monikers is no longer supported in Internet Explorer. For more information about this issue, click the following article number to view the article in the Microsoft Knowledge Base: <br/><div class=\"indent\"><span><div class=\"indent\"><a href=\"https://support.microsoft.com/en-us/help/906294\" id=\"kb-link-6\">906294 </a> The use of monikers is no longer supported in Internet Explorer after installing the security updates provided by cumulative security update 896727 (MS05-038)<br/><br/></div></span></div></li><li><span><div class=\"indent\"><a href=\"https://support.microsoft.com/en-us/help/937905\" id=\"kb-link-7\">937905 </a> Description of the Input Method Editor (Korean) 2007 hotfix package: July 7, 2007<br/><br/></div></span></li><li>You may receive an error message that resembles the following when you try to visit a Web page in Windows Internet Explorer 7: <div class=\"sbody-error\"> Webpage cannot be displayed </div><span> For more information about this issue, click the following article number to view the article in the Microsoft Knowledge Base: <div class=\"indent\"><a href=\"https://support.microsoft.com/en-us/help/942818\" id=\"kb-link-8\">942818 </a> Error message after you install a Windows Internet Explorer 7 update from Windows Update or from Microsoft Update: \"Webpage cannot be displayed\" </div></span></li></ul><h3 class=\"sbody-h3\">Non-security-related fixes that are included in this security update</h3><ul class=\"sbody-free_list\"><li><span><div class=\"indent\"><a href=\"https://support.microsoft.com/en-us/help/941495\" id=\"kb-link-9\">941495 </a> Internet Explorer increases the per-domain cookie limit from 20 to 50 <br/><br/></div></span><br/><span class=\"text-base\">General distribution release (GDR) fixes </span><ul class=\"sbody-free_list\"><li><span><div class=\"indent\"><a href=\"https://support.microsoft.com/en-us/help/937053\" id=\"kb-link-10\">937053 </a> When you copy text from a Rich Text box in InfoPath on a computer that has Internet Explorer 7 installed, the pasted text unexpectedly appears inside a table cell<br/><br/></div></span></li><li><span><div class=\"indent\"><a href=\"https://support.microsoft.com/en-us/help/936953\" id=\"kb-link-11\">936953 </a> FIX: The item may not be selected when you use the windowless SELECT control to create a list in Internet Explorer 7<br/><br/></div></span></li><li><span><div class=\"indent\"><a href=\"https://support.microsoft.com/en-us/help/936904\" id=\"kb-link-12\">936904 </a> Error message when you open a Web page in Windows Internet Explorer 7: \"Internet Explorer has encountered a problem and needs to close\"<br/><br/></div></span></li><li><span><div class=\"indent\"><a href=\"https://support.microsoft.com/en-us/help/936882\" id=\"kb-link-13\">936882 </a> FIX: An access violation may occur and you may receive an error message when you open a Web page that uses SSL in Internet Explorer 6<br/><br/></div></span></li><li><span><div class=\"indent\"><a href=\"https://support.microsoft.com/en-us/help/935777\" id=\"kb-link-14\">935777 </a> FIX: The buffer size of the InternetQueryOptionW function is half of its actual size if you use INTERNET_OPTION_URL as the second parameter in Internet Explorer 7<br/><br/></div></span></li><li><span><div class=\"indent\"><a href=\"https://support.microsoft.com/en-us/help/935776\" id=\"kb-link-15\">935776 </a> FIX: The InternetQueryOptionW function returns a value of true when you use the INTERNET_OPTION_URL option flag as the second parameter in Internet Explorer 7<br/><br/></div></span></li><li><span><div class=\"indent\"><a href=\"https://support.microsoft.com/en-us/help/935579\" id=\"kb-link-16\">935579 </a> FIX: When you access an external document by using a link in an inline frame in Internet Explorer 7, the value of the document object is returned as \"undefined\"<br/><br/></div></span></li><li><span><div class=\"indent\"><a href=\"https://support.microsoft.com/en-us/help/933133\" id=\"kb-link-17\">933133 </a> When you try to use Internet Explorer 7 to download a file from a Web page, the file name changes<br/><br/></div></span></li><li><span><div class=\"indent\"><a href=\"https://support.microsoft.com/en-us/help/933014\" id=\"kb-link-18\">933014 </a> FIX: An application uses the Favorites folder of Internet Explorer 7 as the root directory when the application calls the \"DoOrganizeFavDlg\" function<br/><br/></div></span></li><li><span><div class=\"indent\"><a href=\"https://support.microsoft.com/en-us/help/932043\" id=\"kb-link-19\">932043 </a> A Web site cannot set a cookie if the Domain attribute is in uppercase characters and has an odd number of characters in Internet Explorer 6<br/><br/></div></span></li><li><span><div class=\"indent\"><a href=\"https://support.microsoft.com/en-us/help/935575\" id=\"kb-link-20\">935575 </a> FIX: When you try to use Windows Internet Explorer 7 to display a Scalable Vector Graphics (SVG) file on a local computer, Internet Explorer 7 cannot display the SVG file<br/><br/></div></span></li></ul></li></ul><span>The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.</span></div></body></html>", "edition": 2, "cvss3": {}, "published": "2018-04-17T19:03:07", "type": "mskb", "title": "MS07-045: Cumulative security update for Internet Explorer", "bulletinFamily": "microsoft", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2007-0943", "CVE-2007-2216", "CVE-2007-3041"], "modified": "2018-04-17T19:03:07", "id": "KB937143", "href": "https://support.microsoft.com/en-us/help/937143/", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "nessus": [{"lastseen": "2023-12-03T14:12:56", "description": "The remote host is missing IE Cumulative Security Update 937143.\n\nThe remote version of IE is potentially vulnerable to several flaws that may allow an attacker to execute arbitrary code on the remote host.", "cvss3": {}, "published": "2007-08-14T00:00:00", "type": "nessus", "title": "MS07-045: Cumulative Security Update for Internet Explorer (937143)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2007-0319", "CVE-2007-0943", "CVE-2007-2216", "CVE-2007-2240", "CVE-2007-2928", "CVE-2007-2929", "CVE-2007-3041"], "modified": "2018-11-15T00:00:00", "cpe": ["cpe:/a:microsoft:ie", "cpe:/o:microsoft:windows"], "id": "SMB_NT_MS07-045.NASL", "href": "https://www.tenable.com/plugins/nessus/25883", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(25883);\n script_version(\"1.36\");\n script_cvs_date(\"Date: 2018/11/15 20:50:30\");\n\n script_cve_id(\n \"CVE-2007-0319\",\n \"CVE-2007-0943\",\n \"CVE-2007-2216\",\n \"CVE-2007-2240\",\n \"CVE-2007-2928\",\n \"CVE-2007-2929\",\n \"CVE-2007-3041\"\n );\n script_bugtraq_id(25288, 25289, 25295, 25311, 25312);\n script_xref(name:\"MSFT\", value:\"MS07-045\");\n script_xref(name:\"MSKB\", value:\"937143\");\n \n script_xref(name:\"CERT\", value:\"426737\");\n script_xref(name:\"CERT\", value:\"570705\");\n script_xref(name:\"CERT\", value:\"599657\");\n script_xref(name:\"CERT\", value:\"747233\");\n script_xref(name:\"EDB-ID\", value:\"30490\");\n\n script_name(english:\"MS07-045: Cumulative Security Update for Internet Explorer (937143)\");\n script_summary(english:\"Determines the presence of update 937143\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"Arbitrary code can be executed on the remote host through the web\nclient.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is missing IE Cumulative Security Update 937143.\n\nThe remote version of IE is potentially vulnerable to several flaws that\nmay allow an attacker to execute arbitrary code on the remote host.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2007/ms07-045\");\n script_set_attribute(attribute:\"solution\", value:\n\"Microsoft has released a set of patches for Windows 2000, XP, 2003 and\nVista.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_core\", value:\"true\");\n script_cwe_id(16, 399);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/08/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/08/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/08/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:microsoft:windows\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:microsoft:ie\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(english:\"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.\");\n script_family(english:\"Windows : Microsoft Bulletins\");\n\n script_dependencies(\"smb_hotfixes.nasl\", \"ms_bulletin_checks_possible.nasl\");\n script_require_keys(\"SMB/MS_Bulletin_Checks/Possible\");\n script_require_ports(139, 445, 'Host/patch_management_checks');\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"smb_hotfixes_fcheck.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"smb_func.inc\");\ninclude(\"misc_func.inc\");\n\nget_kb_item_or_exit(\"SMB/MS_Bulletin_Checks/Possible\");\n\nbulletin = 'MS07-045';\nkb = '937143';\n\nkbs = make_list(kb);\nif (get_kb_item(\"Host/patch_management_checks\")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);\n\nget_kb_item_or_exit(\"SMB/Registry/Enumerated\");\nget_kb_item_or_exit(\"SMB/WindowsVersion\", exit_code:1);\n\nif (hotfix_check_sp_range(win2k:'4,5', xp:'2', win2003:'1,2', vista:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);\n\nrootfile = hotfix_get_systemroot();\nif (!rootfile) exit(1, \"Failed to get the system root.\");\n\nshare = hotfix_path2share(path:rootfile);\nif (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);\n\nif (\n hotfix_is_vulnerable(os:\"6.0\", sp:0, file:\"Mshtml.dll\", version:\"7.0.6000.20643\", min_version:\"7.0.6000.20000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"6.0\", sp:0, file:\"Mshtml.dll\", version:\"7.0.6000.16527\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n\n hotfix_is_vulnerable(os:\"5.2\", sp:1, file:\"Mshtml.dll\", version:\"6.0.3790.2954\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"5.2\", sp:2, file:\"Mshtml.dll\", version:\"6.0.3790.4106\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"5.2\", file:\"Mshtml.dll\", version:\"7.0.6000.16525\", min_version:\"7.0.0.0\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"5.2\", file:\"Mshtml.dll\", version:\"7.0.6000.20641\", min_version:\"7.0.6000.20000\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n\n hotfix_is_vulnerable(os:\"5.1\", sp:2, file:\"Mshtml.dll\", version:\"6.0.2900.3157\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"5.1\", sp:2, file:\"Mshtml.dll\", version:\"7.0.6000.16525\", min_version:\"7.0.0.0\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n\n hotfix_is_vulnerable(os:\"5.0\", file:\"Mshtml.dll\", version:\"6.0.2800.1597\", min_version:\"6.0.0.0\", dir:\"\\system32\", bulletin:bulletin, kb:kb) ||\n hotfix_is_vulnerable(os:\"5.0\", file:\"Mshtml.dll\", version:\"5.0.3854.1200\", dir:\"\\system32\", bulletin:bulletin, kb:kb)\n)\n{\n set_kb_item(name:\"SMB/Missing/\"+bulletin, value:TRUE);\n hotfix_security_hole();\n hotfix_check_fversion_end();\n exit(0);\n}\nelse\n{\n hotfix_check_fversion_end();\n audit(AUDIT_HOST_NOT, 'affected');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}]}
CVE-2007-0943
