| Rule General Information | |
|---|---|
| Release Date: | 2019-07-04 |
| Rule Name: | TLBINFO32.DLL Remote DLL Loading Code Execution Vulnerability (CVE-2007-2216) |
| Severity: | |
| CVE ID: | |

| Rule Protection Details | |
|---|---|
| Description: | The tblinf32.dll (aka vstlbinf.dll) ActiveX control for Internet Explorer 5.01, 6 SP1, and 7 uses an incorrect IObjectsafety implementation, which allows remote attackers to execute arbitrary code by requesting the HelpString property, involving a crafted DLL file argument to the TypeLibInfoFromFile function, which overwrites the HelpStringDll property to call the DLLGetDocumentation function in another DLL file, aka "ActiveX Object Vulnerability." |
| Impact: | An attacker can execute arbitrary code via a successful exploit in the context of the vulnerable software. |
| Affected OS: | Windows, Linux, FreeBSD, Solaris, Other Unix, Network Device, Mac OS, iOS, Android, Others |
| Reference: | SecurityFocus BID: 25289; https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-045; SecurityTracker ID: 1018562; http://www.securityfocus.com/archive/1/476742/100/0/threaded |

| Solutions |
|---|
| The vendor has released patches that fix the vulnerability. Please visit: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-045 |