- - promotion
The SecuriTeam alerts list - Free, Accurate, Independent.
Get your security news from a reliable source.
http://www.securiteam.com/mailinglist.html
- - - - - - - - -
Vulnerability in Vector Markup Language Allows Code Execution (MS07-050)
------------------------------------------------------------------------
SUMMARY
This security update resolves a privately reported vulnerability in the
Vector Markup Language (VML) implementation in Windows. The vulnerability
could allow remote code execution if a user viewed a specially crafted Web
page using Internet Explorer. Users whose accounts are configured to have
fewer user rights on the system could be less impacted than users who
operate with administrative user rights.
DETAILS
Affected and Non-Affected Software:
The software listed here has been tested to determine which versions or
editions are affected. Other versions or editions are either past their
support life cycle or are not affected. To determine the support life
cycle for your software version or edition, visit Microsoft Support
Lifecycle.
Affected Software:
Operating System - Component - Maximum Security Impact - Aggregate
Severity Rating - Bulletins Replaced by This Update
Internet Explorer 5.01 and Internet Explorer 6 Service Pack 1
* Microsoft Windows 2000 Service Pack 4 -
<http://www.microsoft.com/downloads/details.aspx?FamilyId=31E63D6F-B6B7-41D7-8AE6-DD7FCF89D477> Microsoft Internet Explorer 5.01 Service Pack 4 - Remote Code Execution - Critical - MS07-004
* Microsoft Windows 2000 Service Pack 4 -
<http://www.microsoft.com/downloads/details.aspx?FamilyId=7099D33A-0EF6-423F-824E-757482517612> Microsoft Internet Explorer 6 Service Pack 1 - Remote Code Execution - Critical - MS07-004
Internet Explorer 6
* Windows XP Service Pack 2 -
<http://www.microsoft.com/downloads/details.aspx?FamilyId=4447D74F-09EA-4BE0-9DAE-C243CE657FB7> Microsoft Internet Explorer 6 - Remote Code Execution - Critical - MS07-004
* Windows XP Professional x64 Edition and Windows XP Professional x64
Edition Service Pack 2 -
<http://www.microsoft.com/downloads/details.aspx?FamilyId=98CCD207-F4D0-4625-AEAB-0EBF1643A5FD> Microsoft Internet Explorer 6 - Remote Code Execution - Critical - MS07-004
* Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack
2 -
<http://www.microsoft.com/downloads/details.aspx?FamilyId=463535AA-E04E-4A30-B3AB-8CD6D8CDD13C> Microsoft Internet Explorer 6 - Remote Code Execution - Critical - MS07-004
* Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition
Service Pack 2 -
<http://www.microsoft.com/downloads/details.aspx?FamilyId=9D4375D4-FB9B-4771-BD6F-E5D23EEDBC6B> Microsoft Internet Explorer 6 - Remote Code Execution - Critical - MS07-004
* Windows Server 2003 with SP1 for Itanium-based Systems and Windows
Server 2003 with SP2 for Itanium-based Systems -
<http://www.microsoft.com/downloads/details.aspx?FamilyId=C7BE313B-3405-42E1-9E4B-0CB6BF3D2CB1> Microsoft Internet Explorer 6 - Remote Code Execution - Critical - MS07-004
Internet Explorer 7
* Windows XP Service Pack 2 -
<http://www.microsoft.com/downloads/details.aspx?FamilyId=9F5DA816-194C-478E-8A96-9421A0C52C9F> Windows Internet Explorer 7 - Remote Code Execution - Critical - MS07-004
* Windows XP Professional x64 Edition and Windows XP Professional x64
Edition Service Pack 2 -
<http://www.microsoft.com/downloads/details.aspx?FamilyId=1C3168A9-D959-4137-868A-EC70DA737C21> Windows Internet Explorer 7 - Remote Code Execution - Critical - MS07-004
* Windows Server 2003 Service Pack 1 and Windows Server 2003 Service Pack
2 -
<http://www.microsoft.com/downloads/details.aspx?FamilyId=59884E97-4912-4A9A-8A31-8182EA2D24DB> Windows Internet Explorer 7 - Remote Code Execution - Critical - MS07-004
* Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition
Service Pack 2 -
<http://www.microsoft.com/downloads/details.aspx?FamilyId=42060E27-DE14-4D0C-92A0-138CB57FE2B5> Windows Internet Explorer 7 - Remote Code Execution - Critical - MS07-004
* Windows Server 2003 with SP1 for Itanium-based Systems and Windows
Server 2003 with SP2 for Itanium-based Systems -
<http://www.microsoft.com/downloads/details.aspx?FamilyId=A536206E-9D1B-49A8-81A1-53D46F2DE973> Windows Internet Explorer 7 - Remote Code Execution - Critical - MS07-004
* Windows Vista - <Windows Internet Explorer 7> Windows Internet
Explorer 7 - Remote Code Execution - Critical - None
* Windows Vista x64 Edition Windows -
<http://www.microsoft.com/downloads/details.aspx?FamilyId=592435BC-1D43-4544-BD8A-4A2D829DC1A1> Internet Explorer 7 - Remote Code Execution - Critical - None
VML Buffer Overrun Vulnerability - CVE-2007-1749
A remote code execution vulnerability exists in the Vector Markup Language
(VML) implementation in Microsoft Windows. An attacker could exploit the
vulnerability by constructing a specially crafted Web page or HTML e-mail.
When a user views the Web page or the message, the vulnerability could
allow remote code execution.
CVE Information:
<http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1749>
CVE-2007-1749
ADDITIONAL INFORMATION
The information has been provided by <mailto:security@microsoft.com>
Microsoft Product Security.
The original article can be found at:
<http://www.microsoft.com/technet/security/bulletin/ms07-050.mspx>
http://www.microsoft.com/technet/security/bulletin/ms07-050.mspx
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
No comments:
Post a Comment