| Description: | Summary:
This host is missing a critical security update according to
Microsoft Bulletin MS09-055.
Vulnerability Insight:
The flaw is due to an error in the ATL headers that handle
instantiation of an object from data streams, which could allow attackers to
instantiate arbitrary objects in Internet Explorer that can bypass certain
related security policies.
Vulnerability Impact:
Successful exploitation will let the remote attackers execute arbitrary code,
and can compromise a vulnerable system.
Affected Software/OS:
- Microsoft Windows 7
- Microsoft Windows 2K SP4/XP SP3/2K3 SP2 and prior
- Microsoft Windows Vista Service Pack 1/2 and prior
- Microsoft Windows Server 2008 Service Pack 1/2 and prior
Solution:
The vendor has released updates. Please see the references for more information.
As a workaround set the killbit for the following CLSIDs:
{0002E531-0000-0000-C000-000000000046}, {4C85388F-1500-11D1-A0DF-00C04FC9E20F},
{0002E532-0000-0000-C000-000000000046}, {0002E554-0000-0000-C000-000000000046},
{0002E55C-0000-0000-C000-000000000046}, {279D6C9A-652E-4833-BEFC-312CA8887857},
{B1F78FEF-3DB7-4C56-AF2B-5DCCC7C42331}, {C832BE8F-4B89-4579-A217-DB92E7A27915},
{A9A7297E-969C-43F1-A1EF-51EBEA36F850}, {DD8C2179-1B4A-4951-B432-5DE3D1507142},
{4F1E5B1A-2A80-42ca-8532-2D05CB959537}, {27A3D328-D206-4106-8D33-1AA39B13394B},
{DB640C86-731C-484A-AAAF-750656C9187D}, {15721a53-8448-4731-8bfc-ed11e128e444},
{3267123E-530D-4E73-9DA7-79F01D86A89F}
CVSS Score:
9.3
CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C
|
