New vulnerability in Internet Explorer -







Share:
Sponsors:
Consult has reported a vulnerability in
Microsoft Internet Explorer (rated as "Higly critical" by Secunia), which potentially can be exploited by malicious people to compromise a
user's system.
The vulnerability is caused due to the "javaprxy.dll" COM object being instantiated incorrectly in Internet Explorer via the object tag. This can be exploited via a malicious web site to cause a memory corruption. Successful exploitation may allow execution of arbitrary code.
The vulnerability has been reported in versions 5.01, 5.5, and 6.0, and Microsoft recommends setting Internet and Local intranet security zone settings to "High".
More information and a proof of concept are available at sec-consult.com/184.html. Microsoft information, available at microsoft.com/technet/security/ad...3144.mspx.
Article submitted by: Taut
Last Update: 07-01-2005
Category: Security
The vulnerability is caused due to the "javaprxy.dll" COM object being instantiated incorrectly in Internet Explorer via the object tag. This can be exploited via a malicious web site to cause a memory corruption. Successful exploitation may allow execution of arbitrary code.
The vulnerability has been reported in versions 5.01, 5.5, and 6.0, and Microsoft recommends setting Internet and Local intranet security zone settings to "High".
More information and a proof of concept are available at sec-consult.com/184.html. Microsoft information, available at microsoft.com/technet/security/ad...3144.mspx.
Article submitted by: Taut
Last Update: 07-01-2005
Category: Security
Current rating: 5.46 by 92 users
Would you recommend this article to a friend? |
Not a Chance | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | Absolutely |
Comments
Please register or sign-in to post comments.
Related News Stories
(9,899 reads) 07-05-2008
· Fusion Security(15,466 reads) 06-02-2007
· NukeSentinel(tm)2.5.10 Critical Update(14,274 reads) 05-07-2007
· NukeSentinel(tm) 2.5.08 Maintainance Release(15,716 reads) 03-15-2007
· NukeSentinel(tm) 2.5.07 Reissued: Critical Update(14,208 reads) 03-02-2007
· NukeSentinel(tm) 2.5.06: Critical Update(14,974 reads) 01-23-2007
· NukeSentinel(tm) 2.5.05 released(14,996 reads) 12-24-2006
· NukeSentinel 2.5.04 released(14,726 reads) 11-03-2006
· NukeSentinel(tm) 2.5.03 Released(18,593 reads) 10-19-2006
· Php Nuke 8.0 Patched(14,978 reads) 10-01-2006
· ipBan Modification
Re: New vulnerability in Internet Explorer -
By: Dauthus @ 01:18:09 : 07-08-2005