Info

Disclosure

Aug 14, 2007

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Aug 14, 2007

Description

Internet Explorer contains a flaw that may allow a malicious user to remotely execute arbitrary code. The issue is due to an unspecified vulnerability in the pdwizard.ocx Active X object and is related to MS VB6 objects and memory corruption. It is possible that the flaw may result in a loss of integrity.

Classification

Location: Remote / Network Access, Context Dependent
Attack Type: Input Manipulation, Other
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Unknown
Disclosure: OSVDB Verified, Vendor Verified

Solution

Microsoft has released MS07-45 to address this issue. Additionally, it is possible to correct the flaw by implementing the following workaround(s): prevent COM objects from running in IE and/or configure Internet and Local Intranet security zone settings to "High" to prompt before running ActiveX Controls and Active Scripting in these zones.

Products

Microsoft Corporation	Internet Explorer	5.01
		6 SP1
		7

References

Security Tracker: 1018562
CVE ID: 2007-3041 (see also: NVD)
OVAL ID: 2232
Bugtraq ID: 25295
Secunia Advisory ID: 26419
SCIP VulDB ID: 3245
Related OSVDB ID: 36396 36397
Microsoft Knowledge Base Article: 937143
VUPEN Advisory: ADV-2007-2869
News Article: http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=security&articleId=9030696
Microsoft Security Bulletin: MS07-045

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/36395

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Microsoft Corporation

Internet Explorer

References

Credit