Microsoft IE Msb1fren.dll COM Object Instantiation Memory Corruption

2007-02-13T15:03:56
ID OSVDB:31893
Type osvdb
Reporter H D Moore(fdlist@digitaloffense.net)
Modified 2007-02-13T15:03:56

Description

Vulnerability Description

A remote memory corruption flaw exists in Internet Explorer. The flaw is triggered when Msb1fren.dll is instantiated as an ActiveX control within Internet Explorer. With a specially crafted web page, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Short Description

A remote memory corruption flaw exists in Internet Explorer. The flaw is triggered when Msb1fren.dll is instantiated as an ActiveX control within Internet Explorer. With a specially crafted web page, an attacker can cause arbitrary code execution resulting in a loss of integrity.

References:

Vendor URL: http://www.microsoft.com Vendor Specific Advisory URL Security Tracker: 1017643 Secunia Advisory ID:24156 Related OSVDB ID: 31894 Related OSVDB ID: 31891 Related OSVDB ID: 31892 Related OSVDB ID: 31895 Microsoft Security Bulletin: MS07-016 Microsoft Knowledge Base Article: 928090 ISS X-Force ID: 32427 FrSIRT Advisory: ADV-2007-0584 CVE-2007-0219 CERT VU: 771788 Bugtraq ID: 22504