Vulnerabilities > CVE-2007-0943 - Unspecified vulnerability in Microsoft IE and Internet Explorer

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
microsoft
nessus
NVD
Published: 2007-08-14
Updated: 2021-07-23

Summary

Unspecified vulnerability in Internet Explorer 5.01 and 6 SP1 allows remote attackers to execute arbitrary code via crafted Cascading Style Sheets (CSS) strings that trigger memory corruption during parsing, related to use of out-of-bounds pointers.

Vulnerable Configurations

Part Description Count
Application
Microsoft
2

Nessus

NASL familyWindows : Microsoft Bulletins
NASL idSMB_NT_MS07-045.NASL
descriptionThe remote host is missing IE Cumulative Security Update 937143. The remote version of IE is potentially vulnerable to several flaws that may allow an attacker to execute arbitrary code on the remote host.
last seen2020-06-01
modified2020-06-02
plugin id25883
published2007-08-14
reporterThis script is Copyright (C) 2007-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/25883
titleMS07-045: Cumulative Security Update for Internet Explorer (937143)
code
#
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
 script_id(25883);
 script_version("1.36");
 script_cvs_date("Date: 2018/11/15 20:50:30");

 script_cve_id(
  "CVE-2007-0319",
  "CVE-2007-0943",
  "CVE-2007-2216",
  "CVE-2007-2240",
  "CVE-2007-2928",
  "CVE-2007-2929",
  "CVE-2007-3041"
 );
 script_bugtraq_id(25288, 25289, 25295, 25311, 25312);
 script_xref(name:"MSFT", value:"MS07-045");
 script_xref(name:"MSKB", value:"937143");
 
 script_xref(name:"CERT", value:"426737");
 script_xref(name:"CERT", value:"570705");
 script_xref(name:"CERT", value:"599657");
 script_xref(name:"CERT", value:"747233");
 script_xref(name:"EDB-ID", value:"30490");

 script_name(english:"MS07-045: Cumulative Security Update for Internet Explorer (937143)");
 script_summary(english:"Determines the presence of update 937143");

 script_set_attribute(attribute:"synopsis", value:
"Arbitrary code can be executed on the remote host through the web
client.");
 script_set_attribute(attribute:"description", value:
"The remote host is missing IE Cumulative Security Update 937143.

The remote version of IE is potentially vulnerable to several flaws that
may allow an attacker to execute arbitrary code on the remote host.");
 script_set_attribute(attribute:"see_also", value:"https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2007/ms07-045");
 script_set_attribute(attribute:"solution", value:
"Microsoft has released a set of patches for Windows 2000, XP, 2003 and
Vista.");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
 script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"true");
 script_set_attribute(attribute:"exploit_framework_core", value:"true");
 script_cwe_id(16, 399);

 script_set_attribute(attribute:"vuln_publication_date", value:"2007/08/12");
 script_set_attribute(attribute:"patch_publication_date", value:"2007/08/14");
 script_set_attribute(attribute:"plugin_publication_date", value:"2007/08/14");

 script_set_attribute(attribute:"plugin_type", value:"local");
 script_set_attribute(attribute:"cpe", value:"cpe:/o:microsoft:windows");
 script_set_attribute(attribute:"cpe", value:"cpe:/a:microsoft:ie");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);

 script_copyright(english:"This script is Copyright (C) 2007-2018 Tenable Network Security, Inc.");
 script_family(english:"Windows : Microsoft Bulletins");

 script_dependencies("smb_hotfixes.nasl", "ms_bulletin_checks_possible.nasl");
 script_require_keys("SMB/MS_Bulletin_Checks/Possible");
 script_require_ports(139, 445, 'Host/patch_management_checks');
 exit(0);
}


include("audit.inc");
include("smb_hotfixes_fcheck.inc");
include("smb_hotfixes.inc");
include("smb_func.inc");
include("misc_func.inc");

get_kb_item_or_exit("SMB/MS_Bulletin_Checks/Possible");

bulletin = 'MS07-045';
kb = '937143';

kbs = make_list(kb);
if (get_kb_item("Host/patch_management_checks")) hotfix_check_3rd_party(bulletin:bulletin, kbs:kbs, severity:SECURITY_HOLE);

get_kb_item_or_exit("SMB/Registry/Enumerated");
get_kb_item_or_exit("SMB/WindowsVersion", exit_code:1);

if (hotfix_check_sp_range(win2k:'4,5', xp:'2', win2003:'1,2', vista:'0') <= 0) audit(AUDIT_OS_SP_NOT_VULN);

rootfile = hotfix_get_systemroot();
if (!rootfile) exit(1, "Failed to get the system root.");

share = hotfix_path2share(path:rootfile);
if (!is_accessible_share(share:share)) audit(AUDIT_SHARE_FAIL, share);

if (
  hotfix_is_vulnerable(os:"6.0", sp:0, file:"Mshtml.dll", version:"7.0.6000.20643", min_version:"7.0.6000.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"6.0", sp:0, file:"Mshtml.dll", version:"7.0.6000.16527", dir:"\system32", bulletin:bulletin, kb:kb) ||

  hotfix_is_vulnerable(os:"5.2", sp:1, file:"Mshtml.dll", version:"6.0.3790.2954", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.2", sp:2, file:"Mshtml.dll", version:"6.0.3790.4106", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.2", file:"Mshtml.dll", version:"7.0.6000.16525", min_version:"7.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.2", file:"Mshtml.dll", version:"7.0.6000.20641", min_version:"7.0.6000.20000", dir:"\system32", bulletin:bulletin, kb:kb) ||

  hotfix_is_vulnerable(os:"5.1", sp:2, file:"Mshtml.dll", version:"6.0.2900.3157", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.1", sp:2, file:"Mshtml.dll", version:"7.0.6000.16525", min_version:"7.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||

  hotfix_is_vulnerable(os:"5.0", file:"Mshtml.dll", version:"6.0.2800.1597", min_version:"6.0.0.0", dir:"\system32", bulletin:bulletin, kb:kb) ||
  hotfix_is_vulnerable(os:"5.0", file:"Mshtml.dll", version:"5.0.3854.1200", dir:"\system32", bulletin:bulletin, kb:kb)
)
{
  set_kb_item(name:"SMB/Missing/"+bulletin, value:TRUE);
  hotfix_security_hole();
  hotfix_check_fversion_end();
  exit(0);
}
else
{
  hotfix_check_fversion_end();
  audit(AUDIT_HOST_NOT, 'affected');
}

Oval

accepted2007-09-27T08:57:41.035-04:00
classvulnerability
contributors
  • nameRobert L. Hollis
    organizationThreatGuard, Inc.
  • nameJeff Cheng
    organizationOpsware, Inc.
definition_extensions
  • commentMicrosoft Windows 2000 SP4 or later is installed
    ovaloval:org.mitre.oval:def:229
  • commentMicrosoft Internet Explorer 5.01 SP4 is installed
    ovaloval:org.mitre.oval:def:325
descriptionUnspecified vulnerability in Internet Explorer 5.01 and 6 SP1 allows remote attackers to execute arbitrary code via crafted Cascading Style Sheets (CSS) strings that trigger memory corruption during parsing, related to use of out-of-bounds pointers.
familywindows
idoval:org.mitre.oval:def:1673
statusaccepted
submitted2007-08-15T09:28:35
titleCSS Memory Corruption Vulnerability
version70

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 25288 CVE(CAN) ID: CVE-2007-0943 Internet Explorer是微软发布的非常流行的WEB浏览器。 IE 5.0在解析样式表(CSS)文件时存在安全漏洞,远程攻击者可能利用此漏洞控制用户系统。 由于没有对数据指针进行必要的检查,当处理特殊格式的CSS文件时,会造成指针越界,并改写内存数据。通过精心构造数据,攻击着可能远程执行任意指令。攻击者可以创建恶意WEB页面诱使用户访问,从而以该用户身份执行任意任意命令。如果该用户是管理员,则攻击者可以完全控制用户所在系统。即使将IE的安全级别设置为高,用户仍然会受此漏洞影响。 Microsoft Internet Explorer 5.01 Microsoft已经为此发布了一个安全公告(MS07-045)以及相应补丁: MS07-045:Cumulative Security Update for Internet Explorer (937143) 链接:<a href="http://www.microsoft.com/technet/security/Bulletin/MS07-045.mspx?pf=true" target="_blank">http://www.microsoft.com/technet/security/Bulletin/MS07-045.mspx?pf=true</a>
idSSV:2120
last seen2017-11-19
modified2007-08-17
published2007-08-17
reporterRoot
titleMicrosoft IE CSS字符串内存破坏漏洞(MS07-045)

References