Internet Explorer (msoe.dll) COM Object Instantiation Vulnerability
: Internet Explorer (msoe.dll) COM Object Instantiation Vulnerability
: Internet Explorer (msoe.dll) COM Object Instantiation Vulnerability
Advisory ID:
XSec-06-04
Advisory Name:
Internet Explorer (msoe.dll) COM Object Instantiation Vulnerability
Release Date:
08/15/2006
Tested on:
Internet Explorer 6.0 SP1 on Microsoft Windows 2000 SP4 / XP SP2 CN
Affected version:
Internet Explorer 6.0
Author:
nop http://www.xsec.org
Overview:
A vulnerability has been found in Internet Explorer 6.0. \
When Internet Explorer tries to instantiate the msoe.dll \
(OutLook) COM object as an ActiveX control, it may corrupt \
system memory in such a way that an attacker may DoS and possibly \
could execute arbitrary code.
Exploit:
=============== msoe.dll.htm start ===============
=============== msoe.dll.htm end =================
Link:
http://www.xsec.org/index.php?module=releases&act=view&type=1&id=10
About XSec:
We are redhat.