CVE-2007-3893 - Resource Management Errors vulnerability in Microsoft Internet Explorer
Attack vector | NETWORK |
Attack complexity | MEDIUM |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via unspecified vectors involving memory corruption from an unhandled error.
Nessus
NASL family | Windows : Microsoft Bulletins |
NASL id | SMB_NT_MS07-057.NASL |
description | The remote host is missing the IE cumulative security update 939653. The remote version of IE is vulnerable to several flaws that could allow an attacker to execute arbitrary code on the remote host. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 26963 |
published | 2007-10-09 |
reporter | This script is Copyright (C) 2007-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/26963 |
title | MS07-057: Cumulative Security Update for Internet Explorer (939653) |
Oval
accepted | 2014-02-24T04:03:11.961-05:00 |
class | vulnerability |
description | Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 7 allows remote attackers to execute arbitrary code via unspecified vectors involving memory corruption from an unhandled error. |
family | windows |
id | oval:org.mitre.oval:def:2284 |
status | accepted |
submitted | 2007-10-10T04:39:42 |
title | Error Handling Memory Corruption Vulnerability |
version | 73 |
Seebug
bulletinFamily | exploit |
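description | BUGTRAQ ID: 25916 CVE(CAN) ID: CVE-2007-3893 Internet Explorer is the web browser bundled with Microsoft's operating systems. IE has a vulnerability in its handling of the file download queue that a malicious website may exploit to take control of the user's system. When handling the file download queue, if Internet Explorer processes multiple concurrent attempts to start a file download, memory corruption can result and an already-freed object is used. An attacker can exploit the vulnerability by constructing a specially crafted web page. If a user views the web page, the vulnerability may allow remote command execution. Microsoft Internet Explorer 7.0 Microsoft Internet Explorer 6.0 SP1 Microsoft Internet Explorer 6.0 Microsoft Internet Explorer 5.0.1 SP4 Temporary workaround: If you cannot install the patch or upgrade immediately, NSFOCUS recommends the following measures to reduce the threat: * Set the Internet and Local intranet security zones to "High" to require a prompt before running ActiveX controls and Active Scripting. Vendor patch: Microsoft --------- Microsoft has released a security bulletin (MS07-057) and the corresponding patch for this issue: MS07-057: Cumulative Security Update for Internet Explorer (939653) Link: http://www.microsoft.com/technet/security/Bulletin/MS07-057.mspx?pf=true |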
id | SSV:2281 |
last seen | 2017-11-19 |
modified | 2007-10-12 |
published | 2007-10-12 |
reporter | Root |
title | Microsoft IE Script Error Handling Memory Corruption Vulnerability (MS07-057) |
References
- http://www.us-cert.gov/cas/techalerts/TA07-282A.html
- http://www.securityfocus.com/bid/25916
- http://securitytracker.com/id?1018788
- http://secunia.com/advisories/23469
- http://www.vupen.com/english/advisories/2007/3437
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2284
- https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-057
- http://www.securityfocus.com/archive/1/482366/100/0/threaded