Test ID:	1.3.6.1.4.1.25623.1.0.801707
Category:	Windows : Microsoft Bulletins
Title:	Microsoft Internet Explorer mshtml.dll Remote Memory Corruption Vulnerability (942615)
Summary:	This host is missing a critical security update according to; Microsoft Bulletin MS07-069.
Description:	Summary: This host is missing a critical security update according to Microsoft Bulletin MS07-069. Vulnerability Insight: The flaws are due to - A use-after-free error in mshtml.dll when handling 'setExpression()' method calls. - An error within the handling of the 'cloneNode()' and 'nodeValue()' methods. - An error when handling document objects that have been created, modified, deleted, and are then accessed. - An error when displaying web pages containing certain unexpected method calls. Vulnerability Impact: Successful exploitation will allow attacker to execute arbitrary code with the privileges of the application. Failed attacks may cause denial-of-service conditions. Affected Software/OS: Microsoft Internet Explorer version 5.x/6.x/7.x. Solution: The vendor has released updates. Please see the references for more information. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2007-3902 BugTraq ID: 26506 http://www.securityfocus.com/bid/26506 Bugtraq: 20071211 ZDI-07-073: Microsoft Internet Explorer setExpression Vulnerability (Google Search) http://www.securityfocus.com/archive/1/484887/100/0/threaded Cert/CC Advisory: TA07-345A http://www.us-cert.gov/cas/techalerts/TA07-345A.html HPdes Security Advisory: HPSBST02299 http://www.securityfocus.com/archive/1/485268/100/0/threaded HPdes Security Advisory: SSRT071506 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=631 http://www.zerodayinitiative.com/advisories/ZDI-07-073.html Microsoft Security Bulletin: MS07-069 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-069 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4582 http://securitytracker.com/id?1019078 http://secunia.com/advisories/28036 http://www.vupen.com/english/advisories/2007/4184 XForce ISS Database: ie-uninit-object-code-execution(38713) https://exchange.xforce.ibmcloud.com/vulnerabilities/38713 Common Vulnerability Exposure (CVE) ID: CVE-2007-3903 BugTraq ID: 26816 http://www.securityfocus.com/bid/26816 Bugtraq: 20071211 ZDI-07-074: Microsoft Internet Explorer Node Manipulation Memory Corruption (Google Search) http://www.securityfocus.com/archive/1/484888/100/0/threaded http://www.zerodayinitiative.com/advisories/ZDI-07-074.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4553 XForce ISS Database: ie-clonenode-nodevalue-code-execution(38714) https://exchange.xforce.ibmcloud.com/vulnerabilities/38714 Common Vulnerability Exposure (CVE) ID: CVE-2007-5344 BugTraq ID: 26817 http://www.securityfocus.com/bid/26817 Bugtraq: 20071211 ZDI-07-075: Microsoft Internet Explorer Element Tags Vulnerability (Google Search) http://www.securityfocus.com/archive/1/484890/100/100/threaded http://www.zerodayinitiative.com/advisories/ZDI-07-075.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4480 XForce ISS Database: ie-element-code-execution(38715) https://exchange.xforce.ibmcloud.com/vulnerabilities/38715 Common Vulnerability Exposure (CVE) ID: CVE-2007-5347 BugTraq ID: 26427 http://www.securityfocus.com/bid/26427 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4332 XForce ISS Database: ie-dhtml-object-code-execution(38716) https://exchange.xforce.ibmcloud.com/vulnerabilities/38716
Copyright	Copyright (C) 2011 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.