IE7 Cumulative Update August 2007 – further information

MS07-045 - Cumulative Security Update for Internet Explorer (937143)

CSS Memory Corruption Vulnerability - CVE-2007-0943 - Internet Explorer 5.01 on Windows 2000

A remote code execution vulnerability exists in the way Internet Explorer parses certain strings in CSS. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged on user.
 
ActiveX Object Vulnerability - CVE-2007-2216 - Internet Explorer 5.01/6/7 on Windows 2000/XP/Server 2003/Vista

A remote code execution vulnerability exists in a Visual Basic 6 ActiveX control, tblinf32.dll. This control can also be found under the name of vstlbinf.dll.  Both of these components were never intended to be supported in Internet Explorer. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could potentially allow remote code execution if a user visited the Web page. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged on user.

ActiveX Object Memory Corruption Vulnerability - CVE-2007-3041 - Internet Explorer 5.01/6/7 on Windows 2000/XP/Server 2003/Vista

A remote code execution vulnerability exists in the Visual Studio Package and Deployment Wizard ActiveX object, pdwizard.ocx. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged on user.

ActiveX Killbits

Three activex objects are affected by the killbits set by the August 2007 Cumulative Update for IE7. These are:

CVE-2007-1891, CVE-2007-1892/BID 23522 - Akamai Technologies Download Manager.

BID 25311 - Lenovo ActiveX control.

BID 25312 - Motive Incorporated ActiveX control.

Comments

# University Update-Visual Basic-IE7 Cumulative Update August 2007 ??? further information

Pingback from  University Update-Visual Basic-IE7 Cumulative Update August 2007 ??? further information