HighProventia Network IDS, Proventia-G 1.1 and earlier, IBM Security Server Protection for Windows, Proventia Network MFS, BlackICE Server Protection, BlackICE PC Protection, RealSecure Server Sensor, RealSecure Network, Proventia Network IPS, Proventia Desktop, RealSecure Desktop, Virtual Server Protection for Vmware, Proventia Server IPS for Linux technology:
This signature detects an arbitrary file overwrite.
High
Proventia Network IDS: XPU 27.010, Proventia-G 1.1 and earlier: XPU 27.010, IBM Security Server Protection for Windows: 2.1.14.2400, IBM Security Server Protection for Windows: 1.0.914.2020, Proventia Network MFS: XPU 27.010, BlackICE Server Protection: 3.6.cqh, BlackICE PC Protection: 3.6cqh, RealSecure Server Sensor: XPU 27.010, RealSecure Network: XPU 27.010, Proventia Network IPS: XPU 27.010, Proventia Desktop: 2020, RealSecure Desktop: eqh, Virtual Server Protection for Vmware: 1.0, Proventia Server IPS for Linux technology: 27.010
Microsoft Internet Explorer: 6.0, Microsoft Internet Explorer: 6.0 SP1, Microsoft Internet Explorer: 5.01 SP4, Microsoft Windows 2000: SP4, Microsoft Windows 2003 Server: SP1 x64, Microsoft Windows XP: SP2, Microsoft Windows 2003 Server: SP1, Microsoft Windows XP: x64 Professional, Microsoft Windows 2003 Server: SP1 Itanium, Microsoft Internet Explorer: 7.0, Microsoft Windows Vista, Microsoft Windows Server 2003: SP2, Microsoft Windows Server 2003: SP2 Itanium, Microsoft Windows Server 2003: SP2 x64, Microsoft Windows Vista: x64, Microsoft Windows XP: SP2 x64 Professional
Unauthorized Access Attempt
Microsoft Internet Explorer could allow a remote attacker to execute arbitrary code on the system, caused by a vulnerability in the mdsauth.dll control in Windows Media Server. An attacker could exploit this vulnerability by persuading a victim to visit a specially-crafted Web page.
Apply the appropriate patch for your system, as listed in the latest Microsoft Security Bulletin. See References.
— OR —
Use Microsoft Automatic Update if it is supported by your operating system. The original bulletin issued by Microsoft has been superseded.
Microsoft Security Bulletin MS07-027
Cumulative Security Update for Internet Explorer (931768)
http://www.microsoft.com/technet/security/Bulletin/MS07-027.mspx
IBM Internet Security Systems Protection Alert, May 8, 2007
Microsoft Internet Explorer Msauth.dll Code Execution
http://www.iss.net/threats/263.html
Microsoft Security Bulletin MS07-033
Cumulative Security Update for Internet Explorer (933566)
http://www.microsoft.com/technet/security/bulletin/ms07-033.mspx
Microsoft Security Bulletin MS07-045
Cumulative Security Update for Internet Explorer (937143)
http://www.microsoft.com/technet/security/bulletin/ms07-045.mspx
Microsoft Security Bulletin MS07-057
Cumulative Security Update for Internet Explorer (939653)
http://www.microsoft.com/technet/security/Bulletin/MS07-057.mspx
Microsoft Security Bulletin MS07-069
Cumulative Security Update for Internet Explorer (942615)
http://www.microsoft.com/technet/security/bulletin/ms07-069.mspx
Microsoft Security Bulletin MS08-010
Cumulative Security Update for Internet Explorer (944533)
http://www.microsoft.com/technet/security/bulletin/ms08-010.mspx
Microsoft Security Bulletin MS08-024
Cumulative Security Update for Internet Explorer (947864)
http://www.microsoft.com/technet/security/bulletin/ms08-024.mspx
Microsoft Security Bulletin MS08-031
Cumulative Security Update for Internet Explorer (950759)
http://www.microsoft.com/technet/security/Bulletin/MS08-031.mspx
Microsoft Security Bulletin MS08-045
Cumulative Security Update for Internet Explorer (953838)
http://www.microsoft.com/technet/security/bulletin/ms08-045.mspx
Microsoft Security Bulletin MS08-058
Cumulative Security Update for Internet Explorer (956390)
http://www.microsoft.com/technet/security/bulletin/ms08-058.mspx
ISS X-Force
Microsoft Internet Explorer msauth.dll code execution
http://www.iss.net/security_center/static/33355.php
CVE
CVE-2007-2221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2221