Microsoft IE Remote Code Execution Exploit - Critical

Vikingod · Aug 18, 2005, 08:38 PM

A critical vulnerability was identified in Microsoft Internet Explorer, which could be exploited by remote attackers to execute arbitrary commands. This issue is due to a memory corruption error when instantiating the "Msdds.dll" (Microsoft Design Tools Diagram Surface) object as an ActiveX control, which could be exploited by an attacker to take complete control of an affected system via a specially crafted Web page.

Note : The affected library is installed with Microsoft Office and Microsoft Visual Studio. Only systems with the "Msdds.dll" library installed are vulnerable.

This vulnerability has been confirmed on Windows XP SP2 with Internet Explorer 6 and Office 2002 (msdds.dll version 7.0.9064.9112).
_____
Read More/Source: FrSIRT Advisory

Aug 18, 2005, 08:38 PM	#1
Vikingod Int'l Fish Liaison Join Date: Jul 2004 Location: By the light of lamp I sit and type... Posts: 16,187 Rep Power: 109 System Specs	Microsoft IE Remote Code Execution Exploit - Critical A critical vulnerability was identified in Microsoft Internet Explorer, which could be exploited by remote attackers to execute arbitrary commands. This issue is due to a memory corruption error when instantiating the "Msdds.dll" (Microsoft Design Tools Diagram Surface) object as an ActiveX control, which could be exploited by an attacker to take complete control of an affected system via a specially crafted Web page. Note : The affected library is installed with Microsoft Office and Microsoft Visual Studio. Only systems with the "Msdds.dll" library installed are vulnerable. This vulnerability has been confirmed on Windows XP SP2 with Internet Explorer 6 and Office 2002 (msdds.dll version 7.0.9064.9112). _____ Read More/Source: FrSIRT Advisory __________________ *How You Can Help DriverHeaven By Using Digg*