Internet Explorer Javaprxy.dll heap overflow

2006-06-05T00:00:00
ID SAINT:DAC6C91170670984B710DF599C918879
Type saint
Reporter SAINT Corporation
Modified 2006-06-05T00:00:00

Description

Added: 06/05/2006
CVE: CVE-2005-2087
BID: 14087
OSVDB: 17680

Background

Windows operating systems use the Component Object Model (COM) to allow various program components to be run within different applications. One such object, the JView Profiler (**Javaprxy.dll**), is a debugger interface for Microsoft Java Virtual Machine.

Problem

Internet Explorer is affected by a heap overflow vulnerability when the **Javaprxy.dll** COM object is instantiated, allow command execution by a malicious web page.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 05-037.

References

<http://www.kb.cert.org/vuls/id/939605>

Limitations

Exploit works if a vulnerable version of **javaprxy.dll** is present. A user must load the exploit page into Internet Explorer in order for exploitation to succeed.

Platforms

Windows