HighProventia Desktop, Proventia Network IPS, Proventia Server IPS for Linux technology, RealSecure Desktop, RealSecure Server Sensor, RealSecure Network, BlackICE Server Protection, BlackICE PC Protection, Proventia-G 1.1 and earlier, Proventia Network IDS, IBM Security Server Protection for Windows, Proventia Network MFS, Virtual Server Protection for Vmware:
This signature detects an arbitrary file overwrite.
High
Proventia Desktop: 2020, Proventia Network IPS: XPU 27.010, Proventia Server IPS for Linux technology: 27.010, RealSecure Desktop: eqh, RealSecure Server Sensor: XPU 27.010, RealSecure Network: XPU 27.010, BlackICE Server Protection: 3.6.cqh, BlackICE PC Protection: 3.6cqh, Proventia-G 1.1 and earlier: XPU 27.010, Proventia Network IDS: XPU 27.010, IBM Security Server Protection for Windows: 2.1.14.2400, IBM Security Server Protection for Windows: 1.0.914.2020, Proventia Network MFS: XPU 27.010, Virtual Server Protection for Vmware: 1.0
Microsoft Internet Explorer: 6.0, Microsoft Internet Explorer: 6.0 SP1, Microsoft Internet Explorer: 5.01 SP4, Microsoft Windows 2000: SP4, Microsoft Windows 2003 Server: SP1 x64, Microsoft Windows XP: SP2, Microsoft Windows 2003 Server: SP1, Microsoft Windows XP: x64 Professional, Microsoft Windows 2003 Server: SP1 Itanium, Microsoft Internet Explorer: 7.0, Microsoft Windows Vista, Microsoft Windows Server 2003: SP2, Microsoft Windows Server 2003: SP2 Itanium, Microsoft Windows Server 2003: SP2 x64, Microsoft Windows Vista: x64, Microsoft Windows XP: SP2 x64 Professional
Unauthorized Access Attempt
Microsoft Internet Explorer could allow a remote attacker to execute arbitrary code on the system, caused by a vulnerability in the mdsauth.dll control in Windows Media Server. An attacker could exploit this vulnerability by persuading a victim to visit a specially-crafted Web page.
Apply the appropriate patch for your system, as listed in the latest Microsoft Security Bulletin. See References.
— OR —
Use Microsoft Automatic Update if it is supported by your operating system. The original bulletin issued by Microsoft has been superseded.
Microsoft Security Bulletin MS07-027
Cumulative Security Update for Internet Explorer (931768)
http://www.microsoft.com/technet/security/Bulletin/MS07-027.mspx
IBM Internet Security Systems Protection Alert, May 8, 2007
Microsoft Internet Explorer Msauth.dll Code Execution
http://www.iss.net/threats/263.html
Microsoft Security Bulletin MS07-033
Cumulative Security Update for Internet Explorer (933566)
http://www.microsoft.com/technet/security/bulletin/ms07-033.mspx
Microsoft Security Bulletin MS07-045
Cumulative Security Update for Internet Explorer (937143)
http://www.microsoft.com/technet/security/bulletin/ms07-045.mspx
Microsoft Security Bulletin MS07-057
Cumulative Security Update for Internet Explorer (939653)
http://www.microsoft.com/technet/security/Bulletin/MS07-057.mspx
Microsoft Security Bulletin MS07-069
Cumulative Security Update for Internet Explorer (942615)
http://www.microsoft.com/technet/security/bulletin/ms07-069.mspx
Microsoft Security Bulletin MS08-010
Cumulative Security Update for Internet Explorer (944533)
http://www.microsoft.com/technet/security/bulletin/ms08-010.mspx
Microsoft Security Bulletin MS08-024
Cumulative Security Update for Internet Explorer (947864)
http://www.microsoft.com/technet/security/bulletin/ms08-024.mspx
Microsoft Security Bulletin MS08-031
Cumulative Security Update for Internet Explorer (950759)
http://www.microsoft.com/technet/security/Bulletin/MS08-031.mspx
Microsoft Security Bulletin MS08-045
Cumulative Security Update for Internet Explorer (953838)
http://www.microsoft.com/technet/security/bulletin/ms08-045.mspx
Microsoft Security Bulletin MS08-058
Cumulative Security Update for Internet Explorer (956390)
http://www.microsoft.com/technet/security/bulletin/ms08-058.mspx
ISS X-Force
Microsoft Internet Explorer msauth.dll code execution
http://www.iss.net/security_center/static/33355.php
CVE
CVE-2007-2221
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2221