Microsoft Windows fails to properly handle COM Objects. This vulnerability may allow a remote unauthenticated attacker to execute arbitrary code on a vulnerable system.
Microsoft COM
Microsoft COM is a technology that allows programmers to create reusable software components that can be incorporated into applications to extend their functionality. Microsoft COM includes COM+, Distributed COM (DCOM), and ActiveX Controls.
The Problem
Microsoft COM objects are not properly handled. Specifically, users are not properly warned before COM objects are executed.
More information is available in Microsoft Security Bulletin MS06-015.
A remote attacker may be able to execute arbitrary code on a vulnerable system. The attacker-supplied code would be executed with the privileges of the user running Windows Explorer.
Apply an Update
This issue is addressed in Microsoft Security Bulletin MS06-015.
Some problems associated with the update (verclsid.exe
) and resolutions are described in Microsoft Knowledge Base Article 918165.
Refer to MS06-015
Refer to Microsoft Security Bulletin MS06-015 for workarounds for this vulnerability.
641460
Filter by status: All Affected Not Affected Unknown
Filter by content: __ Additional information available
__ Sort by: Status Alphabetical
Expand all
Javascript is disabled. Click here to view vendors.
Updated: April 11, 2006
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Refer to <http://www.microsoft.com/technet/security/Bulletin/MS06-015.mspx>.
If you have feedback, comments, or additional information about this vulnerability, please send us [email](<mailto:[email protected]?Subject=VU%23641460 Feedback>).
Group | Score | Vector |
---|---|---|
Base | ||
Temporal | ||
Environmental |
This vulnerability was reported in Microsoft Security Bulletin MS06-015. Microsoft credits NISCC with providing information regarding this vulnerability.
This document was written by Jeff Gennari.
CVE IDs: | CVE-2006-0012 |
---|---|
Severity Metric: | 27.00 Date Public: |