7490 matches found

securityvulns
added 2005/08/18 12:0 a.m., 22 views

[Full-disclosure] COM objects and MSIE vulnerabilities recap + additional fix

Disclaimer: The information in this email is distributed WITHOUT ANY WARRANTY, TO THE EXTENT PERMITTED BY APPLICABLE LAW; without even the implied warranty of CORRECTNESS or FITNESS FOR A PARTICULAR PURPOSE. You know the drill... Affected products: Various COM objects when loaded in Microsoft...

8.1 AI score
Exploits: 0

Cvelist
added 2005/08/10 4:0 a.m., 26 views

CVE-2005-1990

Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, including (1) devenum.dll, (2) diactfrm.dll, (3)...

7.5 AI score, 0.82179 EPSS
Exploits: 8, References: 12

CVE
added 2005/08/10 4:0 a.m., 68 views

CVE-2005-1990

CVE-2005-1990 affects Internet Explorer 5.0, 5.5, and 6.0. The vulnerability arises from improper instantiation of certain COM objects as ActiveX controls, causing a buffer/memory corruption in the host process and potentially enabling command execution or a crash. Affected components include a s...

5.1 CVSS, 7.6 AI score, 0.82179 EPSS
Exploits: 8, References: 12, Affected Software: 2

0day.today
added 2005/08/09 12:0 a.m., 17 views

MS Internet Explorer (blnmgr.dll) COM Object Remote Expl (MS05-038)

Exploit for unknown platform in category remote exploits ====================================================================== MS Internet Explorer blnmgr.dll COM Object Remote Exploit MS05-038 ====================================================================== !-- placed into html for your...

7.1 AI score
Exploits: 0

CERT
added 2005/08/09 12:0 a.m., 86 views

Multiple COM objects cause memory corruption in Microsoft Internet Explorer

Overview Microsoft Internet Explorer (IE) allows instantiation of COM objects not designed for use in the browser, which may allow a remote attacker to execute arbitrary code or crash IE. Description Microsoft COM: Microsoft COM is a technology that allows programmers to create reusable software...

5.1 CVSS, 6.8 AI score, 0.82179 EPSS
Exploits: 8, References: 19

Symantec
added 2005/08/09 12:0 a.m., 12 views

Microsoft Internet Explorer COM Object Instantiation Buffer Overflow Vulnerability

Description Microsoft Internet Explorer is prone to a buffer-overflow vulnerability that is exposed when certain COM objects are instantiated as ActiveX controls. A malicious webpage could pass content to these objects to trigger memory corruption. Successful exploits could let remote attackers...

0.1 AI score
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2005/08/04 4:0 a.m., 60 views

CVE-2004-2291

CVE-2004-2291 affects Microsoft Windows Internet Explorer 5.5 and 6.0. A remote attacker can run arbitrary code by delivering an embedded script that uses Shell Helper objects and a shortcut (link) to trigger the target script. No exploitation details are provided in the connected documents. No r...

7.5 CVSS, 8 AI score, 0.1637 EPSS
Exploits: 1, References: 2, Affected Software: 2

Debian CVE
added 2005/08/03 4:0 a.m., 18 views

CVE-2005-2414

Race condition in the xpcom library, as used by web browsers such as Firefox, Mozilla, Netscape, and Galeon, allows remote attackers to cause a denial of service (application crash) via a large HTML file that loads a DOM call from within nested DIV tags, which causes part of the currently rendering...

2.6 CVSS, 6.1 AI score, 0.05003 EPSS
Exploits: 2

securityvulns
added 2005/08/01 12:0 a.m., 25 views

[SA16282] Business Objects Enterprise / Crystal Reports Denial of Service

---------------------------------------------------------------------- Are you interested in a new job in IT security? Secunia has two open positions as Junior and Senior Specialist in IT security: http://secunia.com/secuniavacancies/...

0.2 AI score
Exploits: 0

Tenable Nessus
added 2005/07/13 12:0 a.m., 22 views

FreeBSD : mozilla -- privilege escalation via non-DOM property overrides (a6427195-c2c7-11d9-89f7-02061b08fc24)

A Mozilla Foundation Security Advisory reports : Additional checks were added to make sure JavaScript eval and Script objects are run with the privileges of the context that created them, not the potentially elevated privilege of the context calling them in order to protect against an additional...

5.7 AI score
Exploits: 0, References: 2

Mozilla
added 2005/07/12 12:0 a.m., 28 views

Code execution through shared function objects — Mozilla

Improper cloning of base objects allowed web content scripts to walk up the prototype chain to get to a privileged object. This could be used to execute code with enhanced privileges...

7.2 AI score
Exploits: 0, References: 4, Affected Software: 2

VulnCheck KEV
added 2005/07/12 12:0 a.m., 2 views

VulnCheck KEV: CVE-2005-2087

Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects...

5 CVSS, 6.1 AI score, 0.70252 EPSS
Exploits: 4, References: 1

securityvulns
added 2005/06/29 12:0 a.m., 43 views

[Full-disclosure] SEC-CONSULT SA-20050629-0

SEC-CONSULT Security Advisory 20050629-0 ================================================================================== title: IE6 javaprxy.dll COM instantiation heap corruption vulnerability program: Internet Explorer vulnerable version: 6.0.2900.2180 homepage: www.microsoft.com found:...

7.9 AI score
Exploits: 0

CVE
added 2005/06/28 4:0 a.m., 37 views

CVE-2002-1918

CVE-2002-1918 describes a buffer overflow in Microsoft Active Data Objects (ADO) within Microsoft MDAC versions 2.5–2.7. The description identifies the vulnerability as enabling remote attackers to cause impact with unknown scope and unknown attack vectors; no concrete impact, vector, or remediat...

10 CVSS, 7.3 AI score, 0.32483 EPSS
Exploits: 0, References: 3, Affected Software: 1

Cvelist
added 2005/05/25 4:0 a.m., 15 views

CVE-2005-1677

Unknown vulnerability in Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, and Groove Workspace before 2.5n build 1871 allows remote attackers to bypass restrictions on COM objects...

6.7 AI score, 0.01053 EPSS
Exploits: 0, References: 3

securityvulns
added 2005/05/21 12:0 a.m., 23 views

[SA15421] Groove Virtual Office / Workspace Multiple Vulnerabilities

---------------------------------------------------------------------- Are you interested in a new job in IT security? Secunia has two open positions as Junior and Senior Specialist in IT security: http://secunia.com/secuniavacancies/...

0.4 AI score
Exploits: 0

NVD
added 2005/05/20 4:0 a.m., 11 views

CVE-2005-1677

Unknown vulnerability in Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, and Groove Workspace before 2.5n build 1871 allows remote attackers to bypass restrictions on COM objects...

7.5 CVSS, 6.7 AI score, 0.01053 EPSS
Exploits: 0, References: 3

CERT
added 2005/05/19 12:0 a.m., 19 views

Groove Virtual Office COM objects may be accessed insecurely

Overview Groove Virtual Office may allow access restrictions on COM objects to be bypassed. Exploitation may allow an attacker to execute arbitrary code. Description Groove Virtual Office provides a collaborative working environment that includes shared documents, databases, and various other too...

7.5 AI score
Exploits: 0, References: 6

UbuntuCve
added 2005/05/12 4:0 a.m., 33 views

CVE-2005-1532

Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly limit privileges of Javascript eval and Script objects in the calling context, which allows remote attackers to conduct unauthorized activities via "non-DOM property overrides," a variant of CVE-2005-1160...

7.5 CVSS, 6 AI score, 0.17427 EPSS
Exploits: 0, References: 5

Ubuntu
added 2005/05/11 3:56 p.m., 60 views

USN-124-1: Mozilla and Firefox vulnerabilities

When a popup is blocked the user is given the ability to open that popup through the popup-blocking status bar icon and, in Firefox, through the information bar. Doron Rosenberg noticed that popups which are permitted by the user were executed with elevated privileges, which could be abused to...

7.5 CVSS, 6 AI score, 0.35557 EPSS
Exploits: 3