Skip to main content

Sourcefire pushes IE7 updates to customers

Open source innovator and SNORT creator, Sourcefire announced that the Sourcefire Vulnerability Research Team (VRT) delivered rules that protected Sourcefire customers and Snort users for close to a month prior to the recent Microsoft vulnerability disclosure (Microsoft Security Bulletin MS07-061).

Sourcefire’s Security Enhancement Update (SEU) 111, published on October 17, 2007, addressed today’s vulnerability, which impacts Microsoft Windows and Internet Explorer.

Prior to Microsoft’s disclosure, the Sourcefire VRT had already created, tested and delivered Snort rules designed to detect attacks targeting the Microsoft vulnerability identified in Microsoft Security Bulletin MS07-061.

This critical Internet Explorer 7 remote code execution vulnerability exists in the way that the Windows shell handles specifically crafted URIs (uniform resource identifiers) that are passed to it.

If the Windows shell did not sufficiently validate these URIs, an attacker could exploit this vulnerability and execute arbitrary code.

Microsoft has only identified ways to exploit this vulnerability on systems using Internet Explorer 7.

However, the vulnerability exists in a Windows file, Shell32.dll, which is included in all supported editions of Windows XP and Windows Server 2003.

Désiré Athow
Contributor

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website building and web hosting when DHTML and frames were en vogue and started writing about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium. Following an eight-year stint at ITProPortal.com where he discovered the joys of global tech-fests, Désiré now heads up TechRadar Pro. Previously he was a freelance technology journalist at Incisive Media, Breakthrough Publishing and Vnunet, and Business Magazine. He also launched and hosted the first Tech Radio Show on Radio Plus.