TUCoPS :: Windows :: b06-4363.htm

Windows 2000 Multiple COM Object Instantiation Vulnerability
: Windows 2000 Multiple COM Object Instantiation Vulnerability
: Windows 2000 Multiple COM Object Instantiation Vulnerability


Advisory ID:
XSec-06-08

Advisory Name:
Windows 2000 Multiple COM Object Instantiation Vulnerability

Release Date:
08/21/2006

Tested on:
Windows 2000/Internet Explorer 6.0 SP1

Affected version:
Windows 2000

Author:
nop 
http://www.xsec.org 

Overview:
Multiple vulnerability has been found in Windows 2000, \
When Internet Explorer tries to instantiate the ciodm.dll, \
MyInfo.dll,msdxm.ocx,Creator.dll(Media player 9) COM object \
as an ActiveX control, it may corrupt system memory in such \
a way that an attacker may DoS and possibly could execute \
arbitrary code.

Exploit:
=============== 2000obj.htm start ===============



COM-tester






=============== 2000obj.htm end =================
Link:
http://www.xsec.org/index.php?module=Releases&act=view&type=1&id=16 

About XSec:
We are redhat.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2025 AOH