[security-alerts] FW: [Full-disclosure] ZDI-07-038: Microsoft Internet Explorer Prototype Dereference Code Execution Vulnerability

["Kazennov, Vladimir" <Vladimir.Kazennov@xxxxxxxxxx>]

> 
> ZDI-07-038: Microsoft Internet Explorer Prototype Dereference Code
>             Execution Vulnerability
> http://www.zerodayinitiative.com/advisories/ZDI-07-038.html
> June 12, 2007
> 
> -- CVE ID:
> CVE-2007-1751
> 
> -- Affected Vendor:
> Microsoft
> 
> -- Affected Products:
> Internet Explorer 6.x
> Internet Explorer 7.x
> 
> -- TippingPoint(TM) IPS Customer Protection:
> TippingPoint IPS customers have been protected against this
> vulnerability since October 10, 2006 by Digital Vaccine protection
> filter ID 4761. For further product information on the 
> TippingPoint IPS:
> 
>     http://www.tippingpoint.com 
> 
> -- Vulnerability Details:
> This vulnerability allows attackers to execute arbitrary code on
> vulnerable installations of Microsoft Internet Explorer. User
> interaction is required to exploit this vulnerability in that the
> target must visit a malicious page.
> 
> The flaw is specifically exposed when a prototype variable points to a
> table cell and then that table cell is removed. This results in an
> invalid pointer dereference which can be leveraged to result in
> arbitrary code execution.
> 
> -- Vendor Response:
> Microsoft has issued an update to correct this vulnerability. More
> details can be found at:
> 
>     http://www.microsoft.com/technet/security/bulletin/ms07-033.mspx
> 
> -- Disclosure Timeline:
> 2006.10.10 - Digital Vaccine released to TippingPoint customers
> 2007.02.15 - Vulnerability reported to vendor
> 2007.06.12 - Coordinated public release of advisory
> 
> -- Credit:
> This vulnerability was discovered by Sam Thomas.
>