Intrusion Prevention

MS.IE.Input.Method.Editor.ActiveX.Access

Description

This indicates an attack attempt against a remote code execution vulnerability in Internet Explorer.
The vulnerability is caused by an error when Internet Explorer instantiates COM objects that are not intended to be instantiated in Internet Explorer. It may allow a remote attacker to execute arbitrary code via a specially crafted Web page.

Affected Products

Microsoft Internet Explorer 5.01 Service Pack 4 on Windows 2000 Service Pack 4
Microsoft Internet Explorer 6 Service Pack 1 on Windows 2000 Service Pack 4
Microsoft Internet Explorer 6 for Windows XP Service Pack 2
Microsoft Internet Explorer 6 for Windows XP Professional x64 Edition
Microsoft Internet Explorer 6 for Windows Server 2003
Microsoft Internet Explorer 6 for Windows Server 2003 SP1
Microsoft Internet Explorer 6 for Windows Server 2003 (Itanium)
Microsoft Internet Explorer 6 for Windows Server 2003 SP1 (Itanium)
Microsoft Internet Explorer 6 for Windows Server 2003 x64 Edition
Microsoft Windows Internet Explorer 7 for Windows XP Service Pack 2
Microsoft Windows Internet Explorer 7 for Windows XP Professional x64 Edition
Microsoft Windows Internet Explorer 7 for Windows Server 2003 Service Pack 1
Microsoft Windows Internet Explorer 7 for Windows Server 2003 SP1 (Itanium)
Microsoft Windows Internet Explorer 7 for Windows Server 2003 x64 Edition

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply patch, available from the web site:
http://www.microsoft.com/technet/security/bulletin/ms07-016.mspx

CVE References

CVE-2006-4697