
Thursday, December 13, 2007

MS07-064 and MS07-069

http://seclists.org/fulldisclosure/2007/Dec/0347.html
Key excerpt:
This vulnerability exists in the DirectShow SAMI parser, which is implemented in quartz.dll. When the SAMI parser copies parameters into a stack buffer, it does not properly check the length of the parameter. As such, parsing a specially crafted SAMI file can cause a stack-based buffer overflow. This allows an attacker to execute arbitrary code.
Not my area; no time to analyze it.

http://seclists.org/fulldisclosure/2007/Dec/0345.html
Key excerpt:
The vulnerability lies in the JavaScript setExpression method, which is implemented in mshtml.dll. When malformed parameters are supplied, memory can be corrupted in a way that results in Internet Explorer accessing a previously deleted object. By creating a specially crafted web page, it is possible for an attacker to control the contents of the memory pointed to by the released object. This allows an attacker to execute arbitrary code.

Why does MS now like to update a dozen or so DLLs at once? That's absurd.
mshtml.dll has roughly a dozen changed functions, enough to make your eyes glaze over. If it weren't about the vulnerability itself and you just wanted to get this sorted quickly, you could consider starting directly from the parameters of setExpression; a bit of guessing should get you there. This is purely analysis for fun.
