Windows operating systems use the Component Object Model (COM) to allow various program components to be run within different applications. One such object, the JView Profiler (
**Javaprxy.dll**), is a debugger interface for Microsoft Java Virtual Machine.
Internet Explorer is affected by a heap overflow vulnerability when the
**Javaprxy.dll** COM object is instantiated, allow command execution by a malicious web page.
Apply the patch referenced in Microsoft Security Bulletin 05-037.
Exploit works if a vulnerable version of
**javaprxy.dll** is present. A user must load the exploit page into Internet Explorer in order for exploitation to succeed.