Microsoft has released a fairly important Internet Explorer update to fix at least three code vulnerabilities in IE.

The cumulative IE update (MS07-045) takes care of a list of nine updates that contain fixes for 14 vulnerabilities.

“The update affects IE 5.0 through IE 7.0 on Windows Vista but, because of defense-in-depth mitigations, the severity rating has been reduced to “important” on the newer versions.”

Microsoft describes 3 issues:

1. A remote code execution vulnerability exists in the ActiveX control, tblinf32.dll. This control can also be found under the name of vstlbinf.dll. Both of these components were never intended to be supported in Internet Explorer. An attacker could exploit the vulnerability by constructing a specially crafted Web page that could potentially allow remote code execution if a user visited the Web page.
2. A remote code execution vulnerability exists in the ActiveX object, pdwizard.ocx. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution.
3. A remote code execution vulnerability exists in the way Internet Explorer parses certain strings in CSS. An attacker could exploit the vulnerability by constructing a specially crafted Web page. When a user views the Web page, the vulnerability could allow remote code execution. An attacker who successfully exploited this vulnerability could gain the same user rights as the logged on user.

In all, there are six critical bulletins in this latest release. These effect XML Core Services (Windows 2000 through Windows Vista); Object Linking and Embedding (OLE) automation (Vista is not affected); Microsoft Excel (Office 2000, Office 2003, Office XP and Office 2004 for Mac); Graphics Rendering Engine (Windows 2000 through Windows Server 2003); and Vector Markup Language (IE 5.0 through IE 7.0 on Windows Vista).

The other three bulletins cover:

MS07-047 — Two code execution holes in the way Windows Media Player parses and decompresses skins. This is rated “important.”

MS07-049 — Patches an elevation of privilege vulnerability in Microsoft Virtual PC and Microsoft Virtual Server could allow a guest operating system user to run code on the host or another guest operating systems. This update carries an “important” rating.

MS07-048 — This applies to at least three serious flaws in Windows Gadgets. This “important” update is specific to Windows Vista and affects the Feed Headlines Gadget, the Weather Gadget and the Contacts Gadget.

These vulnerabilities have been thrown around that past couple of days without fixes; glad they issued these fairly quickly. More info to come… 

Indiana Jones 4  and Iron Man are just a few movies I am really excited for coming up in 2008. Awesome uber-geek-movie stuff is coming out of San Diego Comic Con this week.

According to ComingSoon.net (one of my favorite movie sites on the net) - IndianaJones.com has received an update which includes new desktop wallpapers for the upcoming fourth Indy flick. However, I am unable to download any of the wallpapers off their updated site with either IE7 and Firefox. Anyone else having issues?

I am going to keep trying… I want the new wallpapers damnit!

And the Iron Man website is updated with the new graphic of the Iron Man helmet. Looks awesome. I seriously can’t wait for this movie. Iron Man Director Jon Favreau has a MySpace Iron Man movie group going where he often interacts with Iron Man fans which I think is the coolest thing ever. The mere fact Jon makes time to come out and talk with fans about the movie is just awesome. I would keep my eye on Jon for future films as well. I predict he’s going to become a great director of many cool films to come.

I am following stuff coming out of San Diego Comic Con and will probably make another blog post tomorrow about a few more things.

This post was written using Windows Live Writer.