Microsoft IE imskdic.dll COM Object Instantiation Code Execution

2006-08-15T04:15:18
ID OSVDB:29345
Type osvdb
Reporter nop(nop@xsec.org)
Modified 2006-08-15T04:15:18

Description

Vulnerability Description

Microsoft Internet Explorer contains a flaw related to the instantiation of the imskdic.dll COM that may allow an attacker to execute arbitrary code.

Technical Description

It is currently unknown whether the vulnerability is an issue of Microsoft Internet Explorer or the respective dll. The dll is part of Input Method Editor (IME). If this product is not installed, Internet Explorer is not vulnerable.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): disable ActiveX

Short Description

Microsoft Internet Explorer contains a flaw related to the instantiation of the imskdic.dll COM that may allow an attacker to execute arbitrary code.

References:

Other Advisory URL: http://www.xsec.org/index.php?module=releases&act=view&type=1&id=8 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-08/0308.html ISS X-Force ID: 28436 CVE-2006-4193 Bugtraq ID: 19521