New vulnerability in Internet Explorer -
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Y! MyWeb
Share:
Sponsors:
Consult has reported a vulnerability in
Microsoft Internet Explorer (rated as "Higly critical" by Secunia), which potentially can be exploited by malicious people to compromise a
user's system.
The vulnerability is caused due to the "javaprxy.dll" COM object being instantiated incorrectly in Internet Explorer via the object tag. This can be exploited via a malicious web site to cause a memory corruption. Successful exploitation may allow execution of arbitrary code.
The vulnerability has been reported in versions 5.01, 5.5, and 6.0, and Microsoft recommends setting Internet and Local intranet security zone settings to "High".
More information and a proof of concept are available at sec-consult.com/184.html. Microsoft information, available at microsoft.com/technet/security/ad...3144.mspx.
Article submitted by: Taut
Last Update: 07-01-2005
Category: Security
The vulnerability is caused due to the "javaprxy.dll" COM object being instantiated incorrectly in Internet Explorer via the object tag. This can be exploited via a malicious web site to cause a memory corruption. Successful exploitation may allow execution of arbitrary code.
The vulnerability has been reported in versions 5.01, 5.5, and 6.0, and Microsoft recommends setting Internet and Local intranet security zone settings to "High".
More information and a proof of concept are available at sec-consult.com/184.html. Microsoft information, available at microsoft.com/technet/security/ad...3144.mspx.
Article submitted by: Taut
Last Update: 07-01-2005
Category: Security
Current rating: 5.46 by 92 users
Would you recommend this article to a friend? |
Not a Chance | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | Absolutely |
Comments
Please register or sign-in to post comments.
Related News Stories
(9,199 reads) 07-05-2008
· Fusion Security(14,888 reads) 06-02-2007
· NukeSentinel(tm)2.5.10 Critical Update(13,658 reads) 05-07-2007
· NukeSentinel(tm) 2.5.08 Maintainance Release(15,098 reads) 03-15-2007
· NukeSentinel(tm) 2.5.07 Reissued: Critical Update(13,596 reads) 03-02-2007
· NukeSentinel(tm) 2.5.06: Critical Update(14,390 reads) 01-23-2007
· NukeSentinel(tm) 2.5.05 released(14,420 reads) 12-24-2006
· NukeSentinel 2.5.04 released(14,142 reads) 11-03-2006
· NukeSentinel(tm) 2.5.03 Released(17,995 reads) 10-19-2006
· Php Nuke 8.0 Patched(14,372 reads) 10-01-2006
· ipBan Modification
Re: New vulnerability in Internet Explorer -
By: Dauthus @ 01:18:09 : 07-08-2005