Softpedia
 


February 14th, 2007, 10:34 GMT · By

Internet Explorer 7 - Scarred By Vulnerabilities



Internet Explorer 7's immaculate record is on its way down the drain. Concomitantly with the release of the February 2007 Security Bulletins, Microsoft has also made available patches for vulnerabilities scarring the latest version of its browser.

Two privately reported vulnerabilities related to COM Object Instantiation Memory Corruption affect a range of Microsoft browsers including Internet Explorer 5.01, 6, and 7. Only the issues impacting Versions 5 and 6 of Internet Explorer are considered Critical.

"A remote code execution vulnerability exists in the way Internet Explorer instantiates COM objects that are not intended to be instantiated in Internet Explorer. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could potentially allow remote code execution if a user viewed the Web page. An attacker who successfully exploited this vulnerability could take complete control of an affected system," Microsoft stated.

However, Microsoft has stated that only IE7 for Windows XP Service Pack 2 and Windows Server 2003 Service Pack 1 is affected. The IE7 that ships with Windows Vista is in no way impacted by the vulnerabilities. Microsoft has released a cumulative security update for Internet Explorer.

"Included in this release are 'Important' security updates for Internet Explorer 7 for Windows XP SP2 and Windows Server 2003 SP1 that disable specific COM objects not intended to be instantiated in Internet Explorer. While these vulnerabilities are considered 'Critical' in IE5 and IE6, the objects are blocked by the ActiveX Opt-in feature in IE7, preventing attacks that use non-approved controls from running an exploit. Since some users may turn off ActiveX Opt-in or mistakenly permit the objects to load without prompt, this update disables loading these objects to provide further defense-in-depth. IE7 in Windows Vista already disables these objects and is not affected by this update," revealed Geoffrey Silva, IE Program Manager.
