Zeroday Internet Explorer vulnerability update



The infocon level at incidents.org has been lowered back to green although there is still no patch for this issue from Microsoft and the threat still exists. They like to use the higher level to get attention to an issue, but not leave it on higher alert level for extended periods. They also have noted that Microsoft has updated their advisory.


Below is their summary of the details.

Following statements are summary of updated information.
The affected versions of Msdds.dll are 7.0.9064.9112 and 7.0.9446.0. Customers who have Msdds.dll with version 7.0.9955.0, 7.10.3077.0, or higher on their systems are not affected by this vulnerability.

The Microsoft DDS Library Shape Control (Msdds.dll) does not ship in the .NET Framework.

Microsoft Office 2003 are not affected by this vulnerability. (ships a higher version dll)

Microsoft Access 2003 are not affected by this vulnerability. (ships a higher version dll)

Microsoft Visual Studio 2003 are not affected by this vulnerability. (ships a higher version dll)

Microsoft Visual Studio 2002 Service Pack 1 are not affected by this vulnerability. (ships a higher version dll)

Microsoft Office XP Service Pack 3 are not by default affected by this vulnerability. However, its only in a vulnerable configuration if VS runtime library files are in the search path for Internet Explorer. These files are Msvcr70.dll and Msvscp70.dll. For instance by placing them in the same directory as Msdds.dll or in the %windir%/system32 directory could expose Office XP customers to this issue.

   Send article as PDF   

Similar Posts