=====================================================================
                                   CERT-Renater

                        Information Note No. 2007/VULN352
_____________________________________________________________________

DATE                      : 16/08/2007

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : All Windows versions with Internet Explorer

======================================================================


MS07-045 - Cumulative Security Update for Internet Explorer (937143)

Original Bulletin:
  http://www.microsoft.com/technet/security/bulletin/ms07-045.mspx

Affected Software:

  Microsoft Internet Explorer 5.01
  Microsoft Internet Explorer 6
  Windows Internet Explorer 7

Vulnerability Details:

CSS Memory Corruption Vulnerability - CVE-2007-0943

A remote code execution vulnerability exists in the way Internet
Explorer parses certain strings in CSS. An attacker could exploit the
vulnerability by constructing a specially crafted Web page. When a user
views the Web page, the vulnerability could allow remote code execution.
An attacker who successfully exploited this vulnerability could gain the
same user rights as the logged-on user.
	
ActiveX Object Vulnerability - CVE-2007-2216

A remote code execution vulnerability exists in the ActiveX control
tblinf32.dll. This control can also be found under the name vstlbinf.dll.
Neither of these components was ever intended to be supported in Internet
Explorer. An attacker could exploit the vulnerability by constructing a
specially crafted Web page that could potentially allow remote code
execution if a user visited the Web page. An attacker who successfully
exploited this vulnerability could gain the same user rights as the
logged-on user.

ActiveX Object Memory Corruption Vulnerability - CVE-2007-304

A remote code execution vulnerability exists in the ActiveX object
pdwizard.ocx. An attacker could exploit the vulnerability by
constructing a specially crafted Web page. When a user views the Web
page, the vulnerability could allow remote code execution. An attacker
who successfully exploited this vulnerability could gain the same user
rights as the logged-on user.

======================================================================

          =========================================================
          CERT-Renater reference servers
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================






