|
|
|||
| Rule General Information |
|---|
| Release Date: | 2019-07-04 | |
| Rule Name: | TLBINFO32.DLL Remote DLL Loading Code Execution Vulnerability (CVE-2007-2216) | |
| Severity: | ||
| CVE ID: | ||
| Rule Protection Details |
|---|
| Description: | The tblinf32.dll (aka vstlbinf.dll) ActiveX control for Internet Explorer 5.01, 6 SP1, and 7 uses an incorrect IObjectsafety implementation, which allows remote attackers to execute arbitrary code by requesting the HelpString property, involving a crafted DLL file argument to the TypeLibInfoFromFile function, which overwrites the HelpStringDll property to call the DLLGetDocumentation function in another DLL file, aka "ActiveX Object Vulnerability." | |
| Impact: | An attacker can execute arbitrary code via a successful exploit in the context of the vulnerable software. | |
| Affected OS: | Windows, Linux, FreeBSD, Solaris, Other Unix, Network Device, Mac OS, iOS, Android, Others | |
| Reference: | SecurityFocusBID:25289 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-045 SecurityTrackerID:1018562 http://www.securityfocus.com/archive/1/476742/100/0/threaded |
|
| Solutions |
|---|
| The vendors have released upgrade patches to fix vulnerabilities, please visit: https://docs.microsoft.com/en-us/security-updates/securitybulletins/2007/ms07-045 |