Update Protection against COM Object Instantiation Vulnerability (MS06-013)

Microsoft Internet Explorer allows instantiation of COM objects that are not designed for use in the browser. This may allow a remote attacker to execute arbitrary code or crash the browser. COM Component Object Model objects are shared functions that can be used by applications to perform tasks...

Microsoft Internet Explorer 6 - ADODB.Recordset Filter Property Denial of Service

source: https://www.securityfocus.com/bid/18773/info Microsoft Internet Explorer is prone to a denial-of-service condition when processing the 'ADODB.Recordset Filter Property' COM object. A successful attack may cause the browser to fail due to a null-pointer dereference. Microsoft Internet...

Cross site scripting

Cross-Application Scripting XAS vulnerability in ICQ Client 5.04 build 2321 and earlier allows remote attackers to inject arbitrary web script from one application into another via a banner, which is processed in the My Computer zone using the Internet Explorer COM object...

CVE-2006-2303

Cross-Application Scripting XAS vulnerability in ICQ Client 5.04 build 2321 and earlier allows remote attackers to inject arbitrary web script from one application into another via a banner, which is processed in the My Computer zone using the Internet Explorer COM object...

Microsoft Windows shell code execution

COM object can execute code. Can be used for hidden malware installation with Internet Explorer...

Microsoft Windows Shell COM Object Remote Code Execution Vulnerability

Description Microsoft Windows Shell is prone to a remote code-execution vulnerability. This issue is due to a flaw in its handling of remote COM objects. Remote attackers may exploit this issue to execute arbitrary machine code in the context of the targeted user. This may facilitate the remote...

Microsoft Internet Explorer COM Object Instantiation Code Execution Vulnerability

Description Microsoft Internet Explorer is prone to a memory-corruption vulnerability that is related to the instantiation of COM objects. This issue results from a design error. The vulnerability arises because of the way Internet Explorer tries to instantiate certain COM objects as ActiveX...

Internet Explorer COM object instantiation vulnerability

Added: 02/24/2006 CVE: CVE-2005-1990 BID: 14511 OSVDB: 18612 Background Windows operating systems use the Component Object Model COM to allow various program components to be run within different applications. Problem Improper instantiation of certain COM objects as ActiveX controls by Internet...

Internet Explorer COM object instantiation vulnerability

Added: 02/24/2006 CVE: CVE-2005-1990 BID: 14511 OSVDB: 18612 Background Windows operating systems use the Component Object Model COM to allow various program components to be run within different applications. Problem Improper instantiation of certain COM objects as ActiveX controls by Internet...

CVE-2005-4845

The Java Plug-in 1.4.203 and 1.4.204 controls, and the 1.4.203 and 1.4.204 redirector controls, allow remote attackers to cause a denial of service Internet Explorer crash by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet...

CVE-2005-4841

The Outlook Progress Ctl control allows remote attackers to cause a denial of service Internet Explorer crash by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer...

CVE-2005-2831

CVE-2005-2831 affects Microsoft Internet Explorer 5.01, 5.5 and 6 via a Memory Corruption in the COM object instantiation process when a page embeds certain CLSIDs. An attacker could host a malicious page that causes remote code execution by instantiating COM objects not intended for IE, potentia...

Microsoft Internet Explorer COM Object Instantiation Memory Corruption Vulnerability

Description Microsoft Internet Explorer is prone to a memory corruption vulnerability that is related to the instantiation of COM objects. COM objects may corrupt system memory and facilitate arbitrary code execution in the context of the currently logged in user on the affected computer...

Microsoft BlnMgr Proxy (blnmgrps.dll) COM object fails to implement required methods

Overview The Microsoft BlnMgr Proxy COM object fails to implement the methods required by the IDispatch interface, which may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft COMMicrosoft COM is a technology that allows programmers to create reusable...

Microsoft Design Tools COM object uninitialized memory reference

CPolyCtrl class destructor attempts to call a function by the pointer from uninitialized dynamic memory region...

Multiple Microsoft Internet Explorer vulnerabilities

Memory corruption on JPEG files parsing, memory corruption on COM object installation, crossite scripting with Web folders...

Microsoft Visual Studio .NET - msdds.dll Remote Code Execution

Microsoft Visual Studio .NET - msdds.dll Remote Code Execution source: https://www.securityfocus.com/bid/14594/info Microsoft Visual Studio .NET is prone to a vulnerability that could allow remote arbitrary code execution. This is due to a buffer overflow that is exposed during COM object...

Microsoft Visual Studio .NET - 'msdds.dll' Remote Code Execution

source: https://www.securityfocus.com/bid/14594/info Microsoft Visual Studio .NET is prone to a vulnerability that could allow remote arbitrary code execution. This is due to a buffer overflow that is exposed during COM object instantiation. The list of vulnerable packages has been updated to...

CVE-2005-1990

Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, including 1 devenum.dll, 2 diactfrm.dll, 3...

Microsoft Internet Explorer - blnmgr.dll COM Object Remote (MS05-038)

Microsoft Internet Explorer - blnmgr.dll COM Object Remote MS05-038 !-- placed into html for your testing. /str0ke !/usr/bin/perl Internet Explorer COM Objects Instantiation Proof of Concept Exploit MS05-038 Bindshell on port 28876 - Based and ripped from Berend-Jan Wever's IE Exploit Vulnerable...