Source: SAINT Corporation
ID: SAINT:2E9A3183447CA993F4758CD9C133FBAC

Internet Explorer tblinf32.dll ActiveX IObjectSafety vulnerability

Published: 2007-08-17
www.saintcorporation.com

EPSS: 0.937 (High), percentile 98.9%

Added: 08/17/2007
CVE: CVE-2007-2216
BID: 25289
OSVDB: 36396

Background

The IObjectSafety interface provides methods to get and set safety options for objects that support untrusted clients.

Problem

The tblinf32.dll ActiveX control implements IObjectSafety incorrectly, allowing execution of code from arbitrary DLLs when a user loads a specially crafted web page.

Resolution

Apply the patch referenced in Microsoft Security Bulletin MS07-045.

References

<http://www.microsoft.com/technet/security/bulletin/ms07-045.mspx>

Limitations

The exploit works on Microsoft Visual Studio 6.0 on Windows 2000 and XP, and requires a user to load the exploit page into Internet Explorer 6 or 7.

As a prerequisite for this exploit, the exploit DLL must be placed on an SMB share which is accessible by the target. To do so, first start the exploit, then download the file http://address:port/exploit1.dll, where address is the address of the SAINTexploit host and port is the exploit port, and save exploit1.dll on the SMB share.

When running the exploit, the share should be specified as COMPUTER/SHARE, where COMPUTER is the NetBIOS name of the computer and SHARE is the name of the share.

Platforms

Windows
