[Dshield] 0-day exploit: Microsoft Internet Explorer"Msdds.dll"Remote Code Exe cution Exploit

Brance Amussen brance at jhu.edu
Thu Aug 18 02:04:18 GMT 2005


 
I don't think so, I searched 3 machines for the file, none of which had VS installed. The file resides in the microsoft common files folder on all of them. 
I think almost all MS programs use this dll. 

Brance :)_S



-----Original Message-----
From: list-bounces at lists.dshield.org on behalf of David Taylor
Sent: Wed 8/17/2005 6:35 PM
To: 'General DShield Discussion List'
Subject: Re: [Dshield] 0-day exploit: Microsoft Internet Explorer"Msdds.dll"Remote Code Exe	cution Exploit
 
Microsoft Visual Studio .NET msdds.dll Remote Code Execution Vulnerability
http://www.securityfocus.com/bid/14594/info

I guess this is only if you have Visual Studio .NET installed?



==================================================
David Taylor //Sr. Information Security Specialist
University of Pennsylvania Information Security 
Philadelphia PA USA
LTR at ISC.UPENN.EDU               (215) 898-1236
http://www.upenn.edu/computing/security/
================================================== 

SANS - The Twenty Most Critical Internet Security Vulnerabilities 
http://www.sans.org/top20/

SANS - Internet Storm Center
http://isc.sans.org


-----Original Message-----
From: list-bounces at lists.dshield.org [mailto:list-bounces at lists.dshield.org]
On Behalf Of Fergie (Paul Ferguson)
Sent: Wednesday, August 17, 2005 4:33 PM
To: list at lists.dshield.org
Subject: [Dshield] 0-day exploit: Microsoft Internet Explorer
"Msdds.dll"Remote Code Exe cution Exploit


Uh oh.

Via FrSIRT.

Advisory : FrSIRT/ADV-2005-1450
Rated as : Critical
http://www.frsirt.com/english/advisories/2005/1450

 * Technical Description *

A critical vulnerability was identified in Microsoft Internet Explorer,
which could be exploited by remote attackers to execute arbitrary commands.
This issue is due to a memory corruption error when instantiating the
"Msdds.dll" object as an ActiveX control via its class identifier (CLSID),
which could be exploited by an attacker to take complete control of an
affected system via a specially crafted Web page.

This vulnerability has been confirmed with Microsoft Internet Explorer 6 SP2
on Windows XP SP2 (fully patched).

 * Exploits *

http://www.frsirt.com/exploits/20050817.IE-Msddsdll-0day.php

 * Affected Products *

Microsoft Internet Explorer 6 SP1 on Microsoft Windows XP SP1
Microsoft Internet Explorer 6 for Microsoft Windows XP SP2
Microsoft Internet Explorer 6 for Microsoft Windows Server 2003
Microsoft Internet Explorer 6 for Microsoft Windows Server 2003 SP1
Microsoft Internet Explorer 6 for Microsoft Windows Server 2003 for
Itanium-based Systems
Microsoft Internet Explorer 6 for Microsoft Windows Server 2003 with SP1 for
Itanium-based Systems
Microsoft Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition
Microsoft Internet Explorer 6 for Microsoft Windows XP Professional x64
Edition
Microsoft Internet Explorer 5.01 SP4 on Microsoft Windows 2000 SP4
Microsoft Internet Explorer 6 SP1 on Microsoft Windows 2000 SP4 

 * Solution *

The FrSIRT is not aware of any official supplied patch for this issue.

 * References *

http://www.frsirt.com/english/advisories/2005/1450 
http://www.frsirt.com/exploits/20050817.IE-Msddsdll-0day.php

Exploit:
http://www.frsirt.com/exploits/20050817.IE-Msddsdll-0day.php

- ferg





--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg at netzero.net or fergdawg at sbcglobal.net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
send all posts to list at lists.dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list



_______________________________________________
send all posts to list at lists.dshield.org
To change your subscription options (or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list






-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ATT08963.txt
Url: http://www.dshield.org/pipermail/list/attachments/20050817/11afb7ed/ATT08963.txt


More information about the list mailing list