Info

Disclosure

Feb 13, 2007

Discovery

Aug 16, 2006

Dates

Exploit

Mar 09, 2007

Solution

Unknown

Description

A remote overflow exists in Internet Explorer. The wininet.dll FTP client fails to validate FTP server responses resulting in a heap overflow. With a specially crafted server response, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Private, Exploit Unknown
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Products

Microsoft Corporation	Internet Explorer	5
		6

References

Security Tracker: 1017642
CVE ID: 2007-0217 (see also: NVD)
Bugtraq ID: 22489
Secunia Advisory ID: 24156
Related OSVDB ID: 31891 31893
Microsoft Knowledge Base Article: 928090
VUPEN Advisory: ADV-2007-0584
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2007-02/0211.html
http://archives.neohapsis.com/archives/bugtraq/2007-03/0057.html
Other Advisory URL: http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=473
Vendor URL: http://www.microsoft.com
Vendor Specific Advisory URL: http://www.microsoft.com/technet/security/Bulletin/MS07-016.mspx
Microsoft Security Bulletin: MS07-016

Credit

Greg MacManus - iDEFENSE Labs

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Microsoft Corporation

Internet Explorer

References

Credit