Intrusion Prevention

MS.IE.DHTML.Object.Method.Memory.Corruption

Description

This indicates an attempt to exploit a remote code execution vulnerability in Microsoft Internet Explorer.
The vulnerability is a result of the way that Internet Explorer displays a web page that contains certain unexpected method calls to HTML objects. This leads to system memory being corrupted in such a way that an attacker can execute arbitrary code if a user visits a malicious Web site.

Affected Products

IE6 SP1 for Microsoft Windows 2000 SP4
IE6 for Windows XP SP2
IE6 for Windows XP Prof x64 Edition and Windows XP Prof x64 Edition SP2
IE6 for Windows Server 2003 SP1 and Windows Server 2003 SP2
IE6 for Windows Server 2003 x64 Edition and Windows Server 2003 x64 Edition SP2
IE6 for Windows Server 2003 with SP1 for Itanium-based Systems
IE6 for Windows Server 2003 with SP2 for Itanium-based Systems
IE7 for Windows XP SP2
IE7 for Windows XP Prof x64 Edition
IE7 for Windows XP Prof x64 Edition SP2
IE7 for Windows Server 2003 SP1 and Windows Server 2003 SP2
IE7 for Windows Server 2003 x64 Edition
IE7 for Windows Server 2003 x64 Edition SP2
IE7 for Windows Server 2003 with SP1 for Itanium-based Systems
IE7 for Windows Server 2003 with SP2 for Itanium-based Systems
IE7 in Windows Vista
IE7 in Windows Vista x64 Edition

Impact

System compromise: remote code execution.

Recommended Actions

Apply patches.
Windows 2000 SP4 with Internet Explorer 5.01 SP4:
http://www.microsoft.com/downloads/de...=B3BD16EA-5D69-4AE3-84B3-AB773052CEEB
Windows 2000 SP4 with Internet Explorer 6 SP1:
http://www.microsoft.com/downloads/de...=BC8EDF05-262A-4D1D-B196-4FC1A844970C
Windows XP SP2 with Internet Explorer 6:
http://www.microsoft.com/downloads/de...=6E4EBAFC-34C3-4DC7-B712-152C611D3F0A
Windows XP Professional x64 Edition (optionally with SP2) and Internet Explorer 6:
http://www.microsoft.com/downloads/de...=F5A5AF23-30FB-4E47-94BD-3B05B55C92F2
Windows Server 2003 SP1/SP2 with Internet Explorer 6:
http://www.microsoft.com/downloads/de...=BF466060-A585-4C2E-A48D-70E080C3BBE7
Windows Server 2003 x64 Edition (optionally with SP2) and Internet Explorer 6:
http://www.microsoft.com/downloads/de...=074697F2-18C8-4521-BBF7-1D0E7395D27D
Windows Server 2003 with SP1/SP2 for Itanium-based systems and Internet Explorer 6:
http://www.microsoft.com/downloads/de...=B3F390A6-0361-4553-B627-5E7AD6BF5055
Windows XP SP2 with Internet Explorer 7:
http://www.microsoft.com/downloads/de...=B15A6506-02DD-43C2-AEF4-E10C1C76EE97
Windows XP Professional x64 Edition (optionally with SP2) and Internet Explorer 7:
http://www.microsoft.com/downloads/de...=C092A6BB-8E62-4D90-BDB1-5F3A15968F75
Windows Server 2003 SP1/SP2 with Internet Explorer 7:
http://www.microsoft.com/downloads/de...=34759C10-16A5-42A2-974D-9D532FB5A0A7
Windows Server 2003 x64 Edition (optionally with SP2) and Internet Explorer 7:
http://www.microsoft.com/downloads/de...=7DCCCE5A-7562-448B-A345-CF1CC758E35C
Windows Server 2003 with SP1/SP2 for Itanium-based systems and Internet Explorer 7:
http://www.microsoft.com/downloads/de...=8414F3FB-216A-4D46-B590-4C1F304DFF91
Windows Vista with Internet Explorer 7:
http://www.microsoft.com/downloads/de...=26D303DA-BB2E-4555-96F1-BECB0E277341
Windows Vista x64 Edition with Internet Explorer 7:
http://www.microsoft.com/downloads/de...=C5E88E0B-A4C2-4690-91D9-326800030A16

CVE References

CVE-2007-5347