New vulnerability in Internet Explorer -







Share:
Sponsors:
Consult has reported a vulnerability in
Microsoft Internet Explorer (rated as "Higly critical" by Secunia), which potentially can be exploited by malicious people to compromise a
user's system.
The vulnerability is caused due to the "javaprxy.dll" COM object being instantiated incorrectly in Internet Explorer via the object tag. This can be exploited via a malicious web site to cause a memory corruption. Successful exploitation may allow execution of arbitrary code.
The vulnerability has been reported in versions 5.01, 5.5, and 6.0, and Microsoft recommends setting Internet and Local intranet security zone settings to "High".
More information and a proof of concept are available at sec-consult.com/184.html. Microsoft information, available at microsoft.com/technet/security/ad...3144.mspx.
Article submitted by: Taut
Last Update: 07-01-2005
Category: Security
The vulnerability is caused due to the "javaprxy.dll" COM object being instantiated incorrectly in Internet Explorer via the object tag. This can be exploited via a malicious web site to cause a memory corruption. Successful exploitation may allow execution of arbitrary code.
The vulnerability has been reported in versions 5.01, 5.5, and 6.0, and Microsoft recommends setting Internet and Local intranet security zone settings to "High".
More information and a proof of concept are available at sec-consult.com/184.html. Microsoft information, available at microsoft.com/technet/security/ad...3144.mspx.
Article submitted by: Taut
Last Update: 07-01-2005
Category: Security
Current rating: 5.46 by 92 users
Would you recommend this article to a friend? |
Not a Chance | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | Absolutely |
Comments
Please register or sign-in to post comments.
Related News Stories
(9,841 reads) 07-05-2008
· Fusion Security(15,416 reads) 06-02-2007
· NukeSentinel(tm)2.5.10 Critical Update(14,216 reads) 05-07-2007
· NukeSentinel(tm) 2.5.08 Maintainance Release(15,668 reads) 03-15-2007
· NukeSentinel(tm) 2.5.07 Reissued: Critical Update(14,156 reads) 03-02-2007
· NukeSentinel(tm) 2.5.06: Critical Update(14,924 reads) 01-23-2007
· NukeSentinel(tm) 2.5.05 released(14,946 reads) 12-24-2006
· NukeSentinel 2.5.04 released(14,674 reads) 11-03-2006
· NukeSentinel(tm) 2.5.03 Released(18,547 reads) 10-19-2006
· Php Nuke 8.0 Patched(14,920 reads) 10-01-2006
· ipBan Modification
Re: New vulnerability in Internet Explorer -
By: Dauthus @ 01:18:09 : 07-08-2005