[Dshield] 0-day exploit: Microsoft Internet Explorer "Msdds.dll" Remote Code Execution Exploit
dshield at yaps4u.net
Wed Aug 17 20:39:12 GMT 2005
> -----Original Message-----
> From: list-bounces at lists.dshield.org
> [mailto:list-bounces at lists.dshield.org] On Behalf Of Fergie
> (Paul Ferguson)
> Sent: Wednesday, August 17, 2005 9:33 PM
> To: list at lists.dshield.org
> Subject: [Dshield] 0-day exploit: Microsoft Internet Explorer
> "Msdds.dll" Remote Code Execution Exploit
> Uh oh.
> Via FrSIRT.
> Advisory : FrSIRT/ADV-2005-1450
> Rated as : Critical
> * Technical Description *
> A critical vulnerability was identified in Microsoft Internet
> Explorer, which could be exploited by remote attackers to
> execute arbitrary commands. This issue is due to a memory
> corruption error when instantiating the "Msdds.dll" object as
> an ActiveX control via its class identifier (CLSID), which
> could be exploited by an attacker to take complete control of
> an affected system via a specially crafted Web page.
> This vulnerability has been confirmed with Microsoft Internet
> Explorer 6 SP2 on Windows XP SP2 (fully patched).
> * Exploits *
> * Affected Products *
> Microsoft Internet Explorer 6 SP1 on Microsoft Windows XP SP1
> Microsoft Internet Explorer 6 for Microsoft Windows XP SP2
> Microsoft Internet Explorer 6 for Microsoft Windows Server 2003
> Microsoft Internet Explorer 6 for Microsoft Windows Server 2003 SP1
> Microsoft Internet Explorer 6 for Microsoft Windows Server 2003 for Itanium-based Systems
> Microsoft Internet Explorer 6 for Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
> Microsoft Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition
> Microsoft Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition
> Microsoft Internet Explorer 5.01 SP4 on Microsoft Windows 2000 SP4
> Microsoft Internet Explorer 6 SP1 on Microsoft Windows 2000 SP4
> * Solution *
> The FrSIRT is not aware of any official supplied patch for this issue.
> * References *
So what happened to the concept of keeping these things under wraps until
the Vendor has had a chance to prepare a response/patch etc etc?
Something smells about this one...