New vulnerability in Internet Explorer -
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Y! MyWeb
Share:
Sponsors:
Consult has reported a vulnerability in
Microsoft Internet Explorer (rated as "Higly critical" by Secunia), which potentially can be exploited by malicious people to compromise a
user's system.
The vulnerability is caused due to the "javaprxy.dll" COM object being instantiated incorrectly in Internet Explorer via the object tag. This can be exploited via a malicious web site to cause a memory corruption. Successful exploitation may allow execution of arbitrary code.
The vulnerability has been reported in versions 5.01, 5.5, and 6.0, and Microsoft recommends setting Internet and Local intranet security zone settings to "High".
More information and a proof of concept are available at sec-consult.com/184.html. Microsoft information, available at microsoft.com/technet/security/ad...3144.mspx.
Article submitted by: Taut
Last Update: 07-01-2005
Category: Security
The vulnerability is caused due to the "javaprxy.dll" COM object being instantiated incorrectly in Internet Explorer via the object tag. This can be exploited via a malicious web site to cause a memory corruption. Successful exploitation may allow execution of arbitrary code.
The vulnerability has been reported in versions 5.01, 5.5, and 6.0, and Microsoft recommends setting Internet and Local intranet security zone settings to "High".
More information and a proof of concept are available at sec-consult.com/184.html. Microsoft information, available at microsoft.com/technet/security/ad...3144.mspx.
Article submitted by: Taut
Last Update: 07-01-2005
Category: Security
Current rating: 5.46 by 92 users
Would you recommend this article to a friend? |
Not a Chance | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | Absolutely |
Comments
Please register or sign-in to post comments.
Related News Stories
(9,209 reads) 07-05-2008
· Fusion Security(14,898 reads) 06-02-2007
· NukeSentinel(tm)2.5.10 Critical Update(13,670 reads) 05-07-2007
· NukeSentinel(tm) 2.5.08 Maintainance Release(15,110 reads) 03-15-2007
· NukeSentinel(tm) 2.5.07 Reissued: Critical Update(13,608 reads) 03-02-2007
· NukeSentinel(tm) 2.5.06: Critical Update(14,398 reads) 01-23-2007
· NukeSentinel(tm) 2.5.05 released(14,430 reads) 12-24-2006
· NukeSentinel 2.5.04 released(14,150 reads) 11-03-2006
· NukeSentinel(tm) 2.5.03 Released(18,015 reads) 10-19-2006
· Php Nuke 8.0 Patched(14,384 reads) 10-01-2006
· ipBan Modification
Re: New vulnerability in Internet Explorer -
By: Dauthus @ 01:18:09 : 07-08-2005