Help
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
From : Secunia advisory
Quote
Secunia Advisory: SA23769
Release Date: 2007-05-08
Last Update: 2007-05-09
Critical:
Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 6.x
Microsoft Internet Explorer 7.x
Description:
Multiple vulnerabilities have been reported in Internet Explorer, which can be exploited by malicious people to compromise a user's system.
1) An error within the instantiation of the chtskdic.dll COM object not intended to be instantiated in Internet Explorer can be exploited to corrupt memory.
2) An error in the "CTableCol::OnPropertyChange()" function when accessing properties of a table column in a named table row after calls to the "deleteCell()" JavaScript method can be exploited to corrupt memory via a specially crafted web page.
3) An error when calling property methods can be exploited to corrupt memory via a specially crafted web page.
4) Errors within the handling of HTML objects can be exploited to corrupt memory via a specially crafted web page.
5) An error in the handling of HTML objects can be exploited to corrupt memory via a specially crafted web page as a CMarkup object is used in certain cases after it has been freed.
6) An error in the media service component (msauth.dll) can be exploited to rewrite arbitrary files via a specially crafted web page.
Release Date: 2007-05-08
Last Update: 2007-05-09
Critical:
Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 6.x
Microsoft Internet Explorer 7.x
Description:
Multiple vulnerabilities have been reported in Internet Explorer, which can be exploited by malicious people to compromise a user's system.
1) An error within the instantiation of the chtskdic.dll COM object not intended to be instantiated in Internet Explorer can be exploited to corrupt memory.
2) An error in the "CTableCol::OnPropertyChange()" function when accessing properties of a table column in a named table row after calls to the "deleteCell()" JavaScript method can be exploited to corrupt memory via a specially crafted web page.
3) An error when calling property methods can be exploited to corrupt memory via a specially crafted web page.
4) Errors within the handling of HTML objects can be exploited to corrupt memory via a specially crafted web page.
5) An error in the handling of HTML objects can be exploited to corrupt memory via a specially crafted web page as a CMarkup object is used in certain cases after it has been freed.
6) An error in the media service component (msauth.dll) can be exploited to rewrite arbitrary files via a specially crafted web page.
This post has been edited by HIPPO1023: 09 May 2007 - 09:44 AM
Back to top
