Internet Explorer COM object instantiation vulnerability

Added: 02/24/2006 CVE: CVE-2005-1990 BID: 14511 OSVDB: 18612 Background Windows operating systems use the Component Object Model COM to allow various program components to be run within different applications. Problem Improper instantiation of certain COM objects as ActiveX controls by Internet...

Microsoft Internet Explorer does not honor ActiveX kill bit

Overview Internet Explorer fails to properly check the kill bit for ActiveX controls, which may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft COMMicrosoft COM is a technology that allows programmers to create reusable software components that can ...

CVE-2005-4841

The Outlook Progress Ctl control allows remote attackers to cause a denial of service Internet Explorer crash by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer...

CVE-2005-4845

The Java Plug-in 1.4.203 and 1.4.204 controls, and the 1.4.203 and 1.4.204 redirector controls, allow remote attackers to cause a denial of service Internet Explorer crash by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet...

Without a password to view the martial arts world list statistics user information-bug warning-the black bar safety net

With the 50bang this statistic for some time, the user information can be set freely statistical information is disclosed. But often go to the statistics of the station to see the statistical charts of people who might know a little, just click on the list of those sites, the more information it...

See me for the privilege with a vulnerability to enhance computer control-vulnerability warning-the black bar safety net

Allegedly Windows COM structure there is a security problem, the local orremote attackcan use this vulnerability to elevate privileges or execute arbitrary instructions. AffectedOSand procedures when processing COM structured storage file, the access to the shared memory exists in the way that...

CVE-2005-2831

CVE-2005-2831 affects Microsoft Internet Explorer 5.01, 5.5 and 6 via a Memory Corruption in the COM object instantiation process when a page embeds certain CLSIDs. An attacker could host a malicious page that causes remote code execution by instantiating COM objects not intended for IE, potentia...

CVE-2005-2831

Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not intended for use within Internet Explorer, aka a variant of t...

US-CERT Technical Cyber Security Alert TA05-347A -- Microsoft Internet Explorer Vulnerabilities

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Technical Cyber Security Alert TA05-347A Microsoft Internet Explorer Vulnerabilities Original release date: December 13, 2005 Last revised: -- Source: US-CERT Systems Affected Microsoft Windows Microsoft Internet Explorer For more complete information...

Microsoft Internet Explorer COM Object Instantiation Memory Corruption Vulnerability

Description Microsoft Internet Explorer is prone to a memory corruption vulnerability that is related to the instantiation of COM objects. COM objects may corrupt system memory and facilitate arbitrary code execution in the context of the currently logged in user on the affected computer...

Detect CIS ports

This detects the CIS ports by connecting to the server and processing the buffer received. CIS COM+ Internet Services are RPC over HTTP tunneling and requires IIS to operate. CIS ports shouldn't be visible on internet but only behind a firewall. If you do not use this service, then disable it as ...

Microsoft BlnMgr Proxy (blnmgrps.dll) COM object fails to implement required methods

Overview The Microsoft BlnMgr Proxy COM object fails to implement the methods required by the IDispatch interface, which may allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft COMMicrosoft COM is a technology that allows programmers to create reusable...

Microsoft Design Tools COM object uninitialized memory reference

CPolyCtrl class destructor attempts to call a function by the pointer from uninitialized dynamic memory region...

Microsoft Security Bulletin MS05-051 Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution (902400)

Microsoft Security Bulletin MS05-051 Vulnerabilities in MSDTC and COM+ Could Allow Remote Code Execution 902400 Published: October 11, 2005 Version: 1.0 Summary Who should read this document: Customers who use Microsoft Windows Impact of Vulnerability: Remote Code Execution Maximum Severity Ratin...

CVE-2005-1978

COM+ in Microsoft Windows does not properly "create and use memory structures," which allows local users or remote attackers to execute arbitrary code...

CVE-2005-1978

COM+ in Microsoft Windows does not properly "create and use memory structures," which allows local users or remote attackers to execute arbitrary code...

CVE-2005-1978

CAN-2005-1978 pertains to a COM+ vulnerability in Windows (MS04-era MS05-051 context) where the COM+ component creates/uses memory structures in a way that could allow remote code execution and local privilege escalation. The linked MS05-051 bulletin confirms affected platforms include Windows 20...

Microsoft Internet Explorer COM Object Instantiation Variant Vulnerability

Description Microsoft Internet Explorer is prone to a buffer overflow vulnerability that is related to instantiation of COM objects. Successful exploitation could let remote attackers execute arbitrary code in the context of the currently logged in user on the affected computer. This is a variant...

Microsoft MSDTC COM+ Remote Code Execution Vulnerability

Description Microsoft Windows is prone to a vulnerability in the COM+ Component Object Model functionality of the MSDTC Microsoft Distribution Transaction Coordinator service. This issue may permit remote and local attackers to execute arbitrary code in the context of the service. This issue may ...

Microsoft COM+ contains a memory management flaw

Overview Microsoft COM+ contains a vulnerability due to a memory management flaw that may allow an attacker to take complete control of an affected system. Description Microsoft gives the following definition of COM+: COM+ is the next step in the evolution of the Microsoft Component Object Model...