Internet Security Privacy Policy

Friday, August 31, 2007

(MS07-050) Vulnerability in Vector Markup Language Could Allow Remote Code Execution (938127)

Vulnerability Identifier: CVE-2007-1749
Discovery Date: Aug 14, 2007
Risk: Critical
Affected Software:

* Microsoft Internet Explorer 5.01 Service Pack 4
* Microsoft Internet Explorer 6 (Microsoft Windows Server 2003 Service Pack 1)
* Microsoft Internet Explorer 6 (Microsoft Windows Server 2003 Service Pack 2)
* Microsoft Internet Explorer 6 (Microsoft Windows Server 2003 with SP1 for Itanium-based Systems)
* Microsoft Internet Explorer 6 (Microsoft Windows Server 2003 with SP2 for Itanium-based Systems)
* Microsoft Internet Explorer 6 (Microsoft Windows Server 2003 x64 Edition Service Pack 2)
* Microsoft Internet Explorer 6 (Microsoft Windows Server 2003 x64 Edition)
* Microsoft Internet Explorer 6 (Microsoft Windows Server 2003)
* Microsoft Internet Explorer 6 (Microsoft Windows XP Professional x64 Edition Service Pack 2)
* Microsoft Internet Explorer 6 (Microsoft Windows XP Service Pack 2)
* Microsoft Internet Explorer 6.0 Service Pack 1 (Microsoft Windows XP 64-Bit Edition)
* Microsoft Internet Explorer 7 (Microsoft Windows Server 2003 Service Pack 1)
* Microsoft Internet Explorer 7 (Microsoft Windows Server 2003 Service Pack 2)
* Microsoft Internet Explorer 7 (Microsoft Windows Server 2003 with SP1 for Itanium-based Systems)
* Microsoft Internet Explorer 7 (Microsoft Windows Server 2003 with SP2 for Itanium-based Systems)
* Microsoft Internet Explorer 7 (Microsoft Windows Server 2003 x64 Edition Service Pack 2)
* Microsoft Internet Explorer 7 (Microsoft Windows Server 2003 x64 Edition)
* Microsoft Internet Explorer 7 (Microsoft Windows XP Professional x64 Edition Service Pack 2)
* Microsoft Internet Explorer 7 (Microsoft Windows XP Professional x64 Edition)
* Microsoft Internet Explorer 7 (Microsoft Windows XP Service Pack 2)
* Windows Vista
* Windows Vista x64 Edition

Description:

This security update resolves a privately reported vulnerability in the Vector Markup Language (VML) implementation in Windows. The vulnerability could allow remote code execution if a user views a specially crafted Web page using Internet Explorer. Users whose accounts are configured to have fewer user rights on the system could be less affected than users who operate with administrative user rights.

An attacker could exploit the said vulnerability by creating a specially crafted Web page or HTML e-mail. When a user views the Web page or the message, the vulnerability could allow remote code execution.

Patch Information:

Patches for this vulnerability are available at:

http://www.microsoft.com/technet/security/bulletin/MS07-050.mspx



Source : http://trendmicro.com

at 6:45 AM

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)