Lucene search
SAINT CorporationSAINT:7D756779819D974B420093C20D03CB4BHistoryFeb 24, 2006 - 12:00 a.m.
Internet Explorer COM object instantiation vulnerability
2006-02-2400:00:00
SAINT Corporation
www.saintcorporation.com
13
0.965 High
EPSS
Percentile
99.5%
Added: 02/24/2006
CVE: CVE-2005-1990
BID: 14511
OSVDB: 18612
Background
Windows operating systems use the Component Object Model (COM) to allow various program components to be run within different applications.
Problem
Improper instantiation of certain COM objects as ActiveX controls by Internet Explorer leads to a buffer overflow which can result in command execution.
Resolution
Apply the patch referenced in Microsoft Security Bulletin 05-038.
References
<http://www.microsoft.com/technet/security/Bulletin/MS05-038.mspx>
Limitations
This exploit requires a user to follow a link to the exploit from a vulnerable host. Exploit works on Internet Explorer 6.0.
Platforms
Windows 2000
Windows XP
Windows Server 2003
Related
saint
saint
Internet Explorer COM object instantiation vulnerability
2006-02-24 00:00:00
Internet Explorer COM object instantiation vulnerability
2006-02-24 00:00:00
Internet Explorer COM object instantiation vulnerability
2006-02-24 00:00:00
securityvulns
securityvulns
checkpoint_advisories
checkpoint_advisories
cve
cve
CVE-2005-1990
2005-08-10 04:00:00
nessus
nessus
MS05-038: Cumulative Security Update for Internet Explorer (896727)
2005-08-09 00:00:00
cert
cert
Multiple COM objects cause memory corruption in Microsoft Internet Explorer
2005-08-09 00:00:00