=====================================================================
                                     CERT-Renater

                          Note d'Information No. 2007/VULN266
_____________________________________________________________________

DATE                      : 13/06/2007

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Interbet Explorer.

======================================================================

MS07-033 - Cumulative Security Update for Internet Explorer (933566)

Affected Software:
     - Microsoft Windows 2000 Service Pack 4
     - Windows XP Service Pack 2
     - Windows XP Professional x64 Edition
     - Windows XP Professional x64 Edition Service Pack 2
     - Windows Server 2003 Service Pack 1
     - Windows Server 2003 Service Pack 2
     - Windows Server 2003 with SP1 for Itanium-based Systems
     - Windows Server 2003 with SP2 for Itanium-based Systems
     - Windows Server 2003 x64 Edition
     - Windows Server 2003 x64 Edition Service Pack 2
     - Windows Vista
     - Windows Vista x64 Edition

Full MS07-033 advisory:
    http://www.microsoft.com/technet/security/bulletin/ms07-033.mspx


Vulnerability Details

COM Object Instantiation Memory Corruption Vulnerability - CVE-2007-0218

     A remote code execution vulnerability exists in the way Internet Explorer
     instantiates COM objects that are not intended to be instantiated in
     Internet Explorer. An attacker could exploit the vulnerability by
     constructing a specially crafted Web page. When a user views the Web page,
     the vulnerability could allow remote code execution. An attacker who
     successfully exploited this vulnerability could take complete control of
     an affected system.

CSS Tag Memory Corruption Vulnerability - CVE-2007-1750

     A remote code execution vulnerability exists in Internet Explorer due to
     improper handling of a CSS tag. An attacker could exploit the vulnerability
     by constructing a specially crafted Web page. When a user views the Web
     page, the vulnerability could allow remote code execution. An attacker
     who successfully exploited this vulnerability could take complete control
     of an affected system.

Language Pack Installation Vulnerability - CVE-2007-3027

     A remote code execution vulnerability exists in Internet Explorer in the
     way that it handles language pack installation. An attacker could exploit
     the vulnerability by constructing a specially crafted Web page. When a
     user views the Web page, the vulnerability could allow remote code
     execution. An attacker who successfully exploited this vulnerability could
     take complete control of an affected system. User interaction, while
     expected, is required to exploit this vulnerability.

Uninitialized Memory Corruption Vulnerability - CVE-2007-1751

     A remote code execution vulnerability exists in the way Internet Explorer
     accesses an object that has not been correctly initialized or that has
     been deleted. An attacker could exploit the vulnerability by constructing
     a specially crafted Web page. When a user views the Web page, the
     vulnerability could allow remote code execution. An attacker who
     successfully exploited this vulnerability could take complete control of
     an affected system.

Navigation Cancel Page Spoofing Vulnerability - CVE-2007-1499

     A spoofing vulnerability exists in Internet Explorer that could allow an
     attacker to display spoofed content in the Navigation canceled page. An
     attacker could exploit the vulnerability by constructing a specially
     crafted Web page. When a user views the Web page, the vulnerability could
     allow remote code execution. An attacker who successfully exploited this
     vulnerability could take complete control of an affected system.

Speech Control Memory Corruption Vulnerability - CVE-2007-2222

     A remote code execution vulnerability exists in a component of Microsoft
     Speech API 4. An attacker could exploit the vulnerability by constructing
     a specially crafted Web page. When a user views the Web page, the
     vulnerability could allow remote code execution. An attacker who
     successfully exploited this vulnerability could take complete control of
     an affected system.

======================================================================

            =========================================================
            Les serveurs de référence du CERT-Renater
            http://www.urec.fr/securite
            http://www.cru.fr/securite
            http://www.renater.fr
            =========================================================
            + CERT-RENATER          | tel : 01-53-94-20-44          +
            + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
            + 75013 Paris           | email: certsvp@renater.fr     +
            =========================================================