Internet Explorer Content Advisor memory corruption

2007-06-20T00:00:00
ID SAINT:EA3258055E112C6DC3640FAD3EBBF3D0
Type saint
Reporter SAINT Corporation
Modified 2007-06-20T00:00:00

Description

Added: 06/20/2007
CVE: CVE-2005-0555
BID: 13117
OSVDB: 15466

Background

The Content Advisor is used to control what content is viewable in Internet Explorer.

Problem

A memory corruption vulnerability in the Content Advisor allows command execution when a user loads a specially crafted page in Internet Explorer.

Resolution

Apply the cumulative update referenced in Microsoft Security Bulletin 05-020.

References

<http://www.kb.cert.org/vuls/id/222050>

Limitations

Exploit works with Internet Explorer 6 and requires a user to load the exploit page. The Content Advisor must be enabled and configured in order for this exploit to succeed.

Platforms

Windows