SAINT Corporation, SAINT:A8A8377F668CEA3D02FDE90BE31938E9
Feb 24, 2006 - 12:00 a.m.

Internet Explorer COM object instantiation vulnerability

2006-02-24 00:00:00
SAINT Corporation
download.saintcorporation.com

CVSS2: 5.1 Medium (AV:N/AC:H/Au:N/C:P/I:P/A:P)
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
EPSS: 0.964 High (Percentile: 99.6%)

Added: 02/24/2006
CVE: CVE-2005-1990
BID: 14511
OSVDB: 18612

Background

Windows operating systems use the Component Object Model (COM) to allow various program components to be run within different applications.

Problem

Improper instantiation of certain COM objects as ActiveX controls by Internet Explorer leads to a buffer overflow which can result in command execution.

Resolution

Apply the patch referenced in Microsoft Security Bulletin MS05-038.

References

<http://www.microsoft.com/technet/security/Bulletin/MS05-038.mspx>

Limitations

This exploit requires a user to follow a link to the exploit from a vulnerable host. The exploit works on Internet Explorer 6.0.

Platforms

Windows 2000
Windows XP
Windows Server 2003
