Zero-day Vulnerability Database
Zero-day vulnerabilities discovered: 10
Multiple vulnerabilities in Microsoft Internet Explorer
CVE-2007-5347
Memory corruption
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an error when handling certain DHTML object methods. A remote attacker can create a specially crafted HTML page, trick the victim into visiting it and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
Note: this vulnerability is being actively exploited.
Software: Microsoft Internet Explorer
Privilege escalation in Macrovision SafeDisc driver for Microsoft Windows
CVE-2007-5587
Buffer overflow
The vulnerability allows a local user to escalation privileges on vulnerable system.
The vulnerability exists due to incorrect handling of configuration parameters within Macrovision SafeDisc SECDRV.SYS driver, shipped by default with Windows XP and Windows 2003 operating systems. A local user pass specially crafted parameters to METHOD_NEITHER IOCTL and execute arbitrary code on the target system with elevated privileges.
Successful exploitation of this vulnerability allows a local unprivileged user to elevate his privileges and gain administrative access to vulnerable system.
Note: the vulnerability is being actively exploited.
Software: Windows
Links:
http://www.securityfocus.com/archive/1/archive/1/482482/100/0/threaded
https://downloads.avaya.com/css/P8/documents/100063289
https://threats.kaspersky.com/en/vulnerability/KLA10257/
https://www.tenable.com/plugins/index.php?view=single&id=29311
https://technet.microsoft.com/en-us/library/security/ms07-067.aspx
http://www.trendmicro.com/vinfo/us/threat-encyclopedia/archive/security-advisories/(ms07-067)%20vuln...
https://www.dshield.org/diary/Windows%2BXP%2Band%2B2003%2Blocal%2Bprivilege%2Bescalation%2Bvulnerabi...
https://blogs.technet.microsoft.com/msrc/2007/11/05/msrc-blog-security-advisory-944653/
Remote code execution via URI handlers in Microsoft Windows
CVE-2007-3896
OS command injection
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to insufficient filtration of URIs in Shell32.dll when open applications via URL handlers (e.g. mailto:). A remote attacker can create a specially crafted URI, containing invalid sequence of % characters, trick the victim to click on it and execute arbitrary system commands with privileges of the current user.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
Note: this vulnerability is being actively exploited.
Software: Windows
Remote code execution in Microsoft Word
CVE-2007-3899
Memory corruption
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when handling malformed strings in Word document. A remote attacker can create a specially crafted MS Word document, trick the victim into opening it and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
Note: this vulnerability is being actively exploited.
Software: Microsoft Word
Remote code execution in Microsoft DNS server
CVE-2007-1748
Stack-based buffer overflow
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when processing RPC requests in Microsoft Windows DNS server, which contain long zone name parameter with escaped octal strings.
A remote attacker can send a specially crafted RPC request to vulnerable DNS server, cause stack-based buffer overflow and execute arbitrary code on vulnerable system.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
Note: this vulnerability is being actively exploited.
Software: Windows Server
Remote code execution in Microsoft Windows
CVE-2007-0038
Buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when handling cursor, animated cursor, and icon formats. A remote attacker can create a specially crafted malicious cursor or icon file, cause buffer overflow and execute arbitrary code on vulnerable system.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
Note: this vulnerability is being actively exploited.
This vulnerability was discovered by Alexander Sotirov of Determina and was rediscovered in the wild by McAfee.
Software: Windows
Links:
http://www.priveon.com/dmdocuments/PV-A-070003A.pdf
http://www.securityfocus.com/archive/1/464339/100/0/threaded
https://isc.sans.edu/diary/Windows+Animated+Cursor+Handling+vulnerability+-+CVE-2007-0038/2534
https://technet.microsoft.com/library/security/935423
https://technet.microsoft.com/en-us/library/security/ms07-017.aspx
Remote code execution in Microsoft Word
CVE-2007-0870
Memory corruption
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when handling malformed stream in Word document. A remote attacker can create a specially crafted MS Word document, trick the victim into opening it and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
Note: this vulnerability is being actively exploited.
According to CERT, this vulnerability has been actively exploited in the wild before official patch release.
Software: Microsoft Word
Links:
http://www.kb.cert.org/vuls/id/332404
http://www.firstpost.com/business/biztech/business-tech/security/mcafee-solutions-for-windows-vulner...
https://technet.microsoft.com/en-us/library/security/933052.aspx
https://www.cnet.com/news/microsoft-fixes-nineteen-flaws-in-seven-patches-all-are-considered-critica...
https://nakedsecurity.sophos.com/2008/04/12/ole2-a-popular-malware-delivery-mechanism/
http://about-threats.trendmicro.com/ArchiveVulnerability.aspx?language=tw&name=(MS07-024)%20VULNERAB...
http://www.pcworld.com/article/130629/article.html
http://www.esecurityplanet.com/patches/article.php/3671041/Three-Critical-Fixes-For-Windows.htm
https://www.symantec.com/connect/tr/blogs/microsoft-patch-tuesday-may-2007?page=1
Buffer overflow in Microsoft Excel
CVE-2007-0671
Buffer overflow
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to boundary error when handling malformed records in Excel files. A remote attacker can create a specially crafted Excel file, trick the victim into opening it and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
Note: this vulnerability is being actively exploited.
The attack was reported on February 2007. The exploit dropped malware that used www.top10member.com C&C server. According to TrendMicro, the malware functionality was very similar to BKDR_SYKIPOT.B.
Software: Microsoft Excel
Known/fameous malware:
Exploit-MSExcel.h.
Links:
https://www.symantec.com/security_response/writeup.jsp?docid=2007-021911-2650-99
https://www.symantec.com/connect/blogs/latest-office-zero-day-vulnerability
https://technet.microsoft.com/en-us/library/security/ms07-015.aspx
https://technet.microsoft.com/library/security/932553
http://blog.trendmicro.com/trendlabs-security-intelligence/the-sykipot-campaign/
Remote code execution in Microsoft Word
CVE-2007-0515
Buffer overflow
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability is caused by boundary error when processing malformed function in Word files. A remote attacker can create a specially crafted Word file, trick the victim into opening it and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
Note: this vulnerability is being actively exploited.
Software: Microsoft Word
Known/fameous malware:
Backdoor.Trojan Downloader
Backdoor.Pcclient.B (MCID 8260)
Backdoor.Ginwui.E (MCID 8890)
Trojan.Mdropper.W
Links:
http://blogs.quickheal.com/cve-2007-0515-exploit-targeted-attack/
https://technet.microsoft.com/en-us/library/security/ms07-014.aspx
https://www.symantec.com/connect/blogs/watch-exploit-targeted-attack-video
https://www.symantec.com/security_response/writeup.jsp?docid=2007-020511-5519-99
http://blogs.quickheal.com/cve-2007-0515-exploit-targeted-attack/
Buffer overflow in Internet Explorer VML
CVE-2007-0024
Buffer overflow
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to boundary error in Vgx.dll library when handling Vector Markup Language (VML) tags. A remote attacker can create a specially crafted web page, trick the victim into opening it and execute arbitrary code with privileges of the current user.
Successful exploitation of the vulnerability results in compromise of vulnerable system.
Note: this vulnerability is being actively exploited.
Software: Microsoft Internet Explorer