Test ID:	1.3.6.1.4.1.25623.1.0.102056
Category:	Windows : Microsoft Bulletins
Title:	Cumulative Security Update for Internet Explorer (931768)
Summary:	Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4, 6 SP1 on; Windows 2000 SP4, 6 and 7 on Windows XP SP2, or Windows Server 2003; SP1 or SP2, and possibly 7 on Windows Vista does not properly; instantiate certain COM objects as ActiveX controls, which allows; remote attackers to execute arbitrary code via a crafted COM object; from chtskdic.dll.
Description:	Summary: Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4, 6 SP1 on Windows 2000 SP4, 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2, and possibly 7 on Windows Vista does not properly instantiate certain COM objects as ActiveX controls, which allows remote attackers to execute arbitrary code via a crafted COM object from chtskdic.dll. Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-0942 Cert/CC Advisory: TA07-128A http://www.us-cert.gov/cas/techalerts/TA07-128A.html HPdes Security Advisory: HPSBST02214 http://www.securityfocus.com/archive/1/468871/100/200/threaded HPdes Security Advisory: SSRT071422 Microsoft Security Bulletin: MS07-027 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-027 http://www.osvdb.org/34399 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1939 http://www.securitytracker.com/id?1018019 http://secunia.com/advisories/23769 http://www.vupen.com/english/advisories/2007/1712 XForce ISS Database: ie-chtskdic-com-code-execution(33252) https://exchange.xforce.ibmcloud.com/vulnerabilities/33252 Common Vulnerability Exposure (CVE) ID: CVE-2007-0944 BugTraq ID: 23771 http://www.securityfocus.com/bid/23771 Bugtraq: 20070508 ZDI-07-027: Microsoft Internet Explorer Table Column Deletion Memory Corruption Vulnerability (Google Search) http://www.securityfocus.com/archive/1/467989/100/0/threaded http://www.zerodayinitiative.com/advisories/ZDI-07-027.html http://www.osvdb.org/34400 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1722 XForce ISS Database: ie-object-array-code-execution(33253) https://exchange.xforce.ibmcloud.com/vulnerabilities/33253 Common Vulnerability Exposure (CVE) ID: CVE-2007-0945 BugTraq ID: 23769 http://www.securityfocus.com/bid/23769 http://www.osvdb.org/34401 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1463 Common Vulnerability Exposure (CVE) ID: CVE-2007-0947 BugTraq ID: 23772 http://www.securityfocus.com/bid/23772 http://secunia.com/secunia_research/2007-36/advisory/ http://www.osvdb.org/34403 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2048 XForce ISS Database: ie-html-memory-code-execution-variant(33256) https://exchange.xforce.ibmcloud.com/vulnerabilities/33256 Common Vulnerability Exposure (CVE) ID: CVE-2007-2221 BugTraq ID: 23827 http://www.securityfocus.com/bid/23827 CERT/CC vulnerability note: VU#500753 http://www.kb.cert.org/vuls/id/500753 http://www.fortiguardcenter.com/advisory/FGA-2007-07.html http://www.osvdb.org/34404 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1885 XForce ISS Database: ie-msdauth-code-execution(33355) https://exchange.xforce.ibmcloud.com/vulnerabilities/33355
Copyright	Copyright (C) 2010 LSS

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.