A memory corruption flaw exists in Internet Explorer. The 'cloneNode' and 'nodeValue' functions are used improperly resulting in memory corruption. With a specially crafted call, an attacker can cause arbitary code execution resulting in a loss of integrity.

Microsoft has released a patch to address this issue.

• Security Tracker: 1019078
• CVE ID: 2007-3903 (see also: NVD)
• Bugtraq ID: 26816
• Secunia Advisory ID: 28036
• SCIP VulDB ID: 3507
• ISS X-Force ID: 38714
• Related OSVDB ID: 39118 39120 39121
• Keyword: 5824
• Microsoft Knowledge Base Article: 942615
• VUPEN Advisory: ADV-2007-4184
• Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2007-12/0305.html
• News Article: http://www.eweek.com/c/a/Security/Microsoft-to-Patch-3-Critical-Flaws-to-Prevent-System-Hijacking/
• Other Advisory URL: http://www.zerodayinitiative.com/advisories/ZDI-07-074.html
• Microsoft Security Bulletin: MS07-069

• Sam Thomas - Zero Day Initiative (ZDI)