cvelistv5 - cve-2007-3027

CVE-2007-3027 (GCVE-0-2007-3027)

Vulnerability from cvelistv5

Published

2007-06-12 19:00

Modified

2024-08-07 13:57

Severity ?

CWE

Summary

Race condition in Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to install multiple language packs in a way that triggers memory corruption, aka "Language Pack Installation Vulnerability."

References

URL

Tags

	http://www.securityfocus.com/archive/1/471209/100/0/threaded	mailing-list, x_refsource_BUGTRAQ
	http://secunia.com/advisories/25627	third-party-advisory, x_refsource_SECUNIA
	http://www.securityfocus.com/archive/1/471947/100/0/threaded	vendor-advisory, x_refsource_HP
	http://securitytracker.com/id?1018235	vdb-entry, x_refsource_SECTRACK
	http://www.securityfocus.com/bid/24429	vdb-entry, x_refsource_BID
	http://www.vupen.com/english/advisories/2007/2153	vdb-entry, x_refsource_VUPEN
	http://www.us-cert.gov/cas/techalerts/TA07-163A.html	third-party-advisory, x_refsource_CERT
	http://osvdb.org/35350	vdb-entry, x_refsource_OSVDB
	https://exchange.xforce.ibmcloud.com/vulnerabilities/34621	vdb-entry, x_refsource_XF
	http://www.zerodayinitiative.com/advisories/ZDI-07-037.html	x_refsource_MISC
	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1902	vdb-entry, signature, x_refsource_OVAL
	https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033	vendor-advisory, x_refsource_MS
	http://www.securityfocus.com/archive/1/471947/100/0/threaded	vendor-advisory, x_refsource_HP

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T13:57:54.941Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20070612 ZDI-07-037: Microsoft Internet Explorer Language Pack Installation Remote Code Execution Vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/471209/100/0/threaded"
          },
          {
            "name": "25627",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/25627"
          },
          {
            "name": "SSRT071438",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
          },
          {
            "name": "1018235",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://securitytracker.com/id?1018235"
          },
          {
            "name": "24429",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/24429"
          },
          {
            "name": "ADV-2007-2153",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2007/2153"
          },
          {
            "name": "TA07-163A",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT",
              "x_transferred"
            ],
            "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
          },
          {
            "name": "35350",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/35350"
          },
          {
            "name": "ie-language-code-execution(34621)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34621"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-037.html"
          },
          {
            "name": "oval:org.mitre.oval:def:1902",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1902"
          },
          {
            "name": "MS07-033",
            "tags": [
              "vendor-advisory",
              "x_refsource_MS",
              "x_transferred"
            ],
            "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033"
          },
          {
            "name": "HPSBST02231",
            "tags": [
              "vendor-advisory",
              "x_refsource_HP",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2007-06-12T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Race condition in Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to install multiple language packs in a way that triggers memory corruption, aka \"Language Pack Installation Vulnerability.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-16T14:57:01.000Z",
        "orgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
        "shortName": "microsoft"
      },
      "references": [
        {
          "name": "20070612 ZDI-07-037: Microsoft Internet Explorer Language Pack Installation Remote Code Execution Vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/471209/100/0/threaded"
        },
        {
          "name": "25627",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/25627"
        },
        {
          "name": "SSRT071438",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
        },
        {
          "name": "1018235",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://securitytracker.com/id?1018235"
        },
        {
          "name": "24429",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/24429"
        },
        {
          "name": "ADV-2007-2153",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2007/2153"
        },
        {
          "name": "TA07-163A",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT"
          ],
          "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
        },
        {
          "name": "35350",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/35350"
        },
        {
          "name": "ie-language-code-execution(34621)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34621"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-037.html"
        },
        {
          "name": "oval:org.mitre.oval:def:1902",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1902"
        },
        {
          "name": "MS07-033",
          "tags": [
            "vendor-advisory",
            "x_refsource_MS"
          ],
          "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033"
        },
        {
          "name": "HPSBST02231",
          "tags": [
            "vendor-advisory",
            "x_refsource_HP"
          ],
          "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@microsoft.com",
          "ID": "CVE-2007-3027",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Race condition in Microsoft Internet Explorer 5.01, 6, and 7 allows remote attackers to execute arbitrary code by causing Internet Explorer to install multiple language packs in a way that triggers memory corruption, aka \"Language Pack Installation Vulnerability.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20070612 ZDI-07-037: Microsoft Internet Explorer Language Pack Installation Remote Code Execution Vulnerability",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/471209/100/0/threaded"
            },
            {
              "name": "25627",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/25627"
            },
            {
              "name": "SSRT071438",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
            },
            {
              "name": "1018235",
              "refsource": "SECTRACK",
              "url": "http://securitytracker.com/id?1018235"
            },
            {
              "name": "24429",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/24429"
            },
            {
              "name": "ADV-2007-2153",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2007/2153"
            },
            {
              "name": "TA07-163A",
              "refsource": "CERT",
              "url": "http://www.us-cert.gov/cas/techalerts/TA07-163A.html"
            },
            {
              "name": "35350",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/35350"
            },
            {
              "name": "ie-language-code-execution(34621)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34621"
            },
            {
              "name": "http://www.zerodayinitiative.com/advisories/ZDI-07-037.html",
              "refsource": "MISC",
              "url": "http://www.zerodayinitiative.com/advisories/ZDI-07-037.html"
            },
            {
              "name": "oval:org.mitre.oval:def:1902",
              "refsource": "OVAL",
              "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1902"
            },
            {
              "name": "MS07-033",
              "refsource": "MS",
              "url": "https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-033"
            },
            {
              "name": "HPSBST02231",
              "refsource": "HP",
              "url": "http://www.securityfocus.com/archive/1/471947/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f38d906d-7342-40ea-92c1-6c4a2c6478c8",
    "assignerShortName": "microsoft",
    "cveId": "CVE-2007-3027",
    "datePublished": "2007-06-12T19:00:00.000Z",
    "dateReserved": "2007-06-05T00:00:00.000Z",
    "dateUpdated": "2024-08-07T13:57:54.941Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2007-AVI-263

Vulnerability from certfr_avis

Plusieurs vulnérabilités ont été identifiées dans le navigateur Microsoft Internet Explorer. L'exploitation de l'une d'elles permettrait à une personne malveillante de tromper l'utilisateur, voire d'exécuter des commandes arbitraires sur son système vulnérable.

Description

Plusieurs vulnérabilités ont été identifiées dans le navigateur Microsoft Internet Explorer. Parmi celles-ci :

le navigateur ne crée pas correctement les instances de certains objets COM (Component Object Model) pour les utiliser comme contrôles ActiveX. Cette vulnérabilité, exploitée par le biais d'une page Web spécialement construite, permet à la personne malveillante de lancer des commandes arbitraires sur le système, avec les mêmes droits que l'utilisateur connecté. Internet Explorer 7 n'est cependant pas affecté par cette vulnérabilité ;
le navigateur ne manipule pas correctement certaines balises de style CSS (Cascading Style Sheets). Une page spécialement construite pourrait donc corrompre la mémoire du système, et permettre l'exécution de code ;
le navigateur ne gère pas correctement l'installation de plusieurs paquets linguistiques, pouvant entraîner une situation de compétition (race condition). Cette dernière permettrait à une personne malveillante d'exécuter du code arbitraire sur le système ;
le navigateur chercherait à accéder à un objet qui n'a pas été initialisé, ou qui a été préalablement supprimé. Ce problème peut être exploité par une personne malveillante pour, comme les précédentes vulnérabilités, exécuter du code arbitraire sur le système vulnérable ;
le navigateur ne gère pas correctement les modifications de la page d'annulation (cancel page). Une personne malveillante pourrait donc tromper l'utilisateur en lui présentant une autre page spécialement construite ;
le navigateur ne manipule pas correctement certains objets ActiveX liés à Microsoft Speech, un moyen d'interagir avec la machine pour les applications vocales.

Solution

Se référer au bulletin de sécurité MS07-033 de Microsoft pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Microsoft Internet Explorer 7 sous Windows XP, Windows Server 2003 et Windows Vista.
Microsoft	Windows	Microsoft Internet Explorer 6 sous Windows XP et Windows Server 2003 ;
Microsoft	Windows	Microsoft Internet Explorer 5.01 et Internet Explorer 6 Service Pack 1 sous Windows 2000 ;

References

Title

Publication Time

Tags

Bulletin de sécurité Microsoft MS07-033 du 12 juin 2007

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Microsoft Internet Explorer 7 sous Windows XP, Windows Server 2003 et Windows Vista.",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Internet Explorer 6 sous Windows XP et Windows Server 2003 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Microsoft Internet Explorer 5.01 et Internet Explorer 6 Service Pack 1 sous Windows 2000 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nPlusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le navigateur\nMicrosoft Internet Explorer. Parmi celles-ci :\n\n-   le navigateur ne cr\u00e9e pas correctement les instances de certains\n    objets COM (Component Object Model) pour les utiliser comme\n    contr\u00f4les ActiveX. Cette vuln\u00e9rabilit\u00e9, exploit\u00e9e par le biais d\u0027une\n    page Web sp\u00e9cialement construite, permet \u00e0 la personne malveillante\n    de lancer des commandes arbitraires sur le syst\u00e8me, avec les m\u00eames\n    droits que l\u0027utilisateur connect\u00e9. Internet Explorer 7 n\u0027est\n    cependant pas affect\u00e9 par cette vuln\u00e9rabilit\u00e9 ;\n-   le navigateur ne manipule pas correctement certaines balises de\n    style CSS (Cascading Style Sheets). Une page sp\u00e9cialement construite\n    pourrait donc corrompre la m\u00e9moire du syst\u00e8me, et permettre\n    l\u0027ex\u00e9cution de code ;\n-   le navigateur ne g\u00e8re pas correctement l\u0027installation de plusieurs\n    paquets linguistiques, pouvant entra\u00eener une situation de\n    comp\u00e9tition (race condition). Cette derni\u00e8re permettrait \u00e0 une\n    personne malveillante d\u0027ex\u00e9cuter du code arbitraire sur le syst\u00e8me ;\n-   le navigateur chercherait \u00e0 acc\u00e9der \u00e0 un objet qui n\u0027a pas \u00e9t\u00e9\n    initialis\u00e9, ou qui a \u00e9t\u00e9 pr\u00e9alablement supprim\u00e9. Ce probl\u00e8me peut\n    \u00eatre exploit\u00e9 par une personne malveillante pour, comme les\n    pr\u00e9c\u00e9dentes vuln\u00e9rabilit\u00e9s, ex\u00e9cuter du code arbitraire sur le\n    syst\u00e8me vuln\u00e9rable ;\n-   le navigateur ne g\u00e8re pas correctement les modifications de la page\n    d\u0027annulation (cancel page). Une personne malveillante pourrait donc\n    tromper l\u0027utilisateur en lui pr\u00e9sentant une autre page sp\u00e9cialement\n    construite ;\n-   le navigateur ne manipule pas correctement certains objets ActiveX\n    li\u00e9s \u00e0 Microsoft Speech, un moyen d\u0027interagir avec la machine pour\n    les applications vocales.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 MS07-033 de Microsoft pour\nl\u0027obtention des correctifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2007-0218",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-0218"
    },
    {
      "name": "CVE-2007-1750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1750"
    },
    {
      "name": "CVE-2007-1499",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1499"
    },
    {
      "name": "CVE-2007-2222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2222"
    },
    {
      "name": "CVE-2007-1751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-1751"
    },
    {
      "name": "CVE-2007-3027",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-3027"
    }
  ],
  "initial_release_date": "2007-06-13T00:00:00",
  "last_revision_date": "2007-06-13T00:00:00",
  "links": [],
  "reference": "CERTA-2007-AVI-263",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2007-06-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 identifi\u00e9es dans le navigateur\nMicrosoft Internet Explorer. L\u0027exploitation de l\u0027une d\u0027elles permettrait\n\u00e0 une personne malveillante de tromper l\u0027utilisateur, voire d\u0027ex\u00e9cuter\ndes commandes arbitraires sur son syst\u00e8me vuln\u00e9rable.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Internet Explorer",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS07-033 du 12 juin 2007",
      "url": "http://www.microsoft.com/technet/security/Bulletin/MS07-033.mspx"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2007-3027 (GCVE-0-2007-3027)

Vulnerability from cvelistv5

CERTA-2007-AVI-263

Vulnerability from certfr_avis

Description

Solution

Tags

Sightings

Nomenclature