CVE-2007-0942

Name of the Vulnerable Software and Affected Versions: Microsoft Internet Explorer versions 5.01 SP4 through 7

Description: A remote code execution issue exists due to the improper instantiation of certain COM objects as ActiveX controls. This allows remote attackers to execute arbitrary code via a crafted COM object. An attacker could exploit this by constructing a specially crafted Web page, potentially allowing remote code execution if a user visited the page, and could take complete control of an affected system.

Recommendations: For Microsoft Internet Explorer versions 5.01 SP4 through 7, update to a version that properly instantiates COM objects as ActiveX controls to prevent remote code execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.