New vulnerability in Internet Explorer -







Share:
Sponsors:
Consult has reported a vulnerability in
Microsoft Internet Explorer (rated as "Higly critical" by Secunia), which potentially can be exploited by malicious people to compromise a
user's system.
The vulnerability is caused due to the "javaprxy.dll" COM object being instantiated incorrectly in Internet Explorer via the object tag. This can be exploited via a malicious web site to cause a memory corruption. Successful exploitation may allow execution of arbitrary code.
The vulnerability has been reported in versions 5.01, 5.5, and 6.0, and Microsoft recommends setting Internet and Local intranet security zone settings to "High".
More information and a proof of concept are available at sec-consult.com/184.html. Microsoft information, available at microsoft.com/technet/security/ad...3144.mspx.
Article submitted by: Taut
Last Update: 07-01-2005
Category: Security
The vulnerability is caused due to the "javaprxy.dll" COM object being instantiated incorrectly in Internet Explorer via the object tag. This can be exploited via a malicious web site to cause a memory corruption. Successful exploitation may allow execution of arbitrary code.
The vulnerability has been reported in versions 5.01, 5.5, and 6.0, and Microsoft recommends setting Internet and Local intranet security zone settings to "High".
More information and a proof of concept are available at sec-consult.com/184.html. Microsoft information, available at microsoft.com/technet/security/ad...3144.mspx.
Article submitted by: Taut
Last Update: 07-01-2005
Category: Security
Current rating: 5.46 by 92 users
Would you recommend this article to a friend? |
Not a Chance | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | Absolutely |
Comments
Please register or sign-in to post comments.
Related News Stories
(9,741 reads) 07-05-2008
· Fusion Security(15,358 reads) 06-02-2007
· NukeSentinel(tm)2.5.10 Critical Update(14,150 reads) 05-07-2007
· NukeSentinel(tm) 2.5.08 Maintainance Release(15,600 reads) 03-15-2007
· NukeSentinel(tm) 2.5.07 Reissued: Critical Update(14,096 reads) 03-02-2007
· NukeSentinel(tm) 2.5.06: Critical Update(14,866 reads) 01-23-2007
· NukeSentinel(tm) 2.5.05 released(14,884 reads) 12-24-2006
· NukeSentinel 2.5.04 released(14,606 reads) 11-03-2006
· NukeSentinel(tm) 2.5.03 Released(18,481 reads) 10-19-2006
· Php Nuke 8.0 Patched(14,848 reads) 10-01-2006
· ipBan Modification
Re: New vulnerability in Internet Explorer -
By: Dauthus @ 01:18:09 : 07-08-2005