Microsoft Internet Explorer Multiple Remote Code Execution Vulnerabilities (MS07-016)

Multiple vulnerabilities have been identified in Microsoft Internet Explorer, which could be exploited by attackers to take complete control of an affected system.

The first issue is due to a memory corruption error when instantiating the "Imjpcksid.dll" COM object as an ActiveX control, which could be exploited by remote attackers to execute arbitrary commands by tricking a user into visiting a specially crafted web page.

The second vulnerability is due to a memory corruption error when instantiating the "Msb1fren.dll", "Htmlmm.ocx" or "Blnmgrps.dll" objects as ActiveX controls, which could be exploited by remote attackers to execute arbitrary commands by tricking a user into visiting a specially crafted web page.

The third issue is due to a memory corruption error when processing specially crafted FTP responses, which could be exploited by remote attackers to execute arbitrary commands by tricking a user into visiting a specially crafted web page.

Affected Products

Microsoft Internet Explorer 5.01 Service Pack 4 on Windows 2000 Service Pack 4
Microsoft Internet Explorer 6 Service Pack 1 on Windows 2000 Service Pack 4
Microsoft Internet Explorer 6 for Windows XP Service Pack 2
Microsoft Internet Explorer 6 for Windows XP Professional x64 Edition
Microsoft Internet Explorer 6 for Windows Server 2003
Microsoft Internet Explorer 6 for Windows Server 2003 SP1
Microsoft Internet Explorer 6 for Windows Server 2003 (Itanium)
Microsoft Internet Explorer 6 for Windows Server 2003 SP1 (Itanium)
Microsoft Internet Explorer 6 for Windows Server 2003 x64 Edition
Microsoft Windows Internet Explorer 7 for Windows XP Service Pack 2
Microsoft Windows Internet Explorer 7 for Windows XP Professional x64 Edition
Microsoft Windows Internet Explorer 7 for Windows Server 2003 Service Pack 1
Microsoft Windows Internet Explorer 7 for Windows Server 2003 SP1 (Itanium)
Microsoft Windows Internet Explorer 7 for Windows Server 2003 x64 Edition

Solution

Apply patches :
http://www.microsoft.com/technet/security/bulletin/ms07-016.mspx
더보기

댓글,