full-disclosure-uk May 2007 archive
Main Archive Page > Month Archives  > full-disclosure-uk archives
full-disclosure-uk: [Full-disclosure] Secunia Research: Internet

[Full-disclosure] Secunia Research: Internet Explorer HTML Objects Memory Corruption Vulnerability

From: Secunia Research <remove-vuln_at_nospam>
Date: Thu May 10 2007 - 05:13:49 GMT
To: full-disclosure@lists.grok.org.uk


Secunia Research 09/05/2007
  • Internet Explorer HTML Objects Memory Corruption Vulnerability -

Table of Contents Affected Software....................................................1 Severity.............................................................2 Vendor's Description of Software.....................................3 Description of Vulnerability.........................................4 Solution.............................................................5 Time Table...........................................................6 Credits..............................................................7 References...........................................................8 About Secunia........................................................9 Verification........................................................10
======================================================================
1) Affected Software
  • Microsoft Internet Explorer 7

2) Severity

Rating: Moderately Critical
Impact: System Access
Where: Remote



3) Vendor's Description of Software

Internet Explorer 7 provides improved navigation through tabbed browsing, web search right from the toolbar, advanced printing, easy discovery, reading and subscription to RSS feeds, and much more.

http://www.microsoft.com/windows/products/winfamily/ie/default.mspx



4) Description of Vulnerability

Secunia Research has discovered a vulnerability in Internet Explorer, which can be exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an error in the handling of HTML objects as a CMarkup object is used in certain cases after it has been freed. This can be exploited to corrupt memory via a specially crafted web page.

Successful exploitation allows execution of arbitrary code.



5) Solution

Apply patches (see the Microsoft security bulletin for details).



6) Time Table 18/01/2007 - Vendor notified. 19/01/2007 - Vendor response. 09/05/2007 - Public disclosure.
======================================================================
7) Credits

Discovered by JJ Reyes, Secunia Research.



8) References

MS07-027 (KB931768):
http://www.microsoft.com/technet/security/Bulletin/MS07-027.mspx

The Common Vulnerabilities and Exposures (CVE) project has assigned CVE-2007-0947 for the vulnerability.



9) About Secunia

Secunia offers vulnerability management solutions to corporate customers with verified and reliable vulnerability intelligence relevant to their specific system configuration:

http://corporate.secunia.com/

Secunia also provides a publicly accessible and comprehensive advisory database as a service to the security community and private individuals, who are interested in or concerned about IT-security.

http://secunia.com/

Secunia believes that it is important to support the community and to do active vulnerability research in order to aid improving the security and reliability of software in general:

http://corporate.secunia.com/secunia_research/33/

Secunia regularly hires new skilled team members. Check the URL below to see currently vacant positions:

http://secunia.com/secunia_vacancies/

Secunia offers a FREE mailing list called Secunia Security Advisories:

http://secunia.com/secunia_security_advisories/


  1. Verification

Please verify this advisory by visiting the Secunia website: http://secunia.com/secunia_research/2007-36/

Complete list of vulnerability reports published by Secunia Research: http://secunia.com/secunia_research/




Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/