PT-2007-3555 · Microsoft · Tblinf32.Dll+2

Published: 2007-08-14 · Updated: 2021-07-23 · CVE-2007-2216

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Internet Explorer versions 5.01, 6 SP1, and 7

Description

The issue allows remote attackers to execute arbitrary code by requesting the HelpString property with a crafted DLL file argument passed to the TypeLibInfoFromFile function. The cause is an incorrect IObjectSafety implementation in the tblinf32.dll (also known as vstlbinf.dll) ActiveX control. An attacker could exploit this by constructing a specially crafted Web page, potentially allowing remote code execution if a user visits the page, and could gain the same user rights as the logged-on user.

Recommendations

For Internet Explorer versions 5.01, 6 SP1, and 7, consider disabling the tblinf32.dll (aka vstlbinf.dll) ActiveX control to prevent exploitation until a patch is available. As a temporary workaround, restrict access to Web pages that could potentially exploit this issue to minimize the risk of remote code execution.

Exploit

Fix

RCE


Weakness Enumeration

Related Identifiers

CVE-2007-2216

Affected Products

Internet Explorer
Tblinf32.Dll
Vstlbinf.Dll