A remote memory corruption flaw exists in Windows. Internet Explorer fails to properly instantiate some COM objects resulting in memory corruption. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

• Security Tracker: 1018019
• CVE ID: 2007-0942 (see also: NVD)
• Secunia Advisory ID: 23769
• SCIP VulDB ID: 3054
• Related OSVDB ID: 34400 34401 34402 34403 34404
• Microsoft Knowledge Base Article: 931768
• VUPEN Advisory: ADV-2007-1712
• News Article: http://www.informationweek.com/news/showArticle.jhtml?articleID=199400216
• Vendor URL: http://www.microsoft.com/en-us/default.aspx
• Microsoft Security Bulletin: MS07-027

• Not Available