OSVDB ID: 17680

Title: Microsoft IE JVIEW javaprxy.dll Memory Manipulation Arbitrary Code Execution

Info

Disclosure

Jun 29, 2005

Discovery

Jun 17, 2005

Dates

Exploit

Jul 02, 2005

Solution

Jul 12, 2005

Description

Classification

Location: Local / Remote, Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Public, Exploit Commercial
Disclosure: Vendor Verified, Uncoordinated Disclosure
OSVDB: Web Related

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Products

Unknown or Incomplete

References

Security Tracker: 1014329
Milw0rm: 1079
Exploit Database: 1079
Bugtraq ID: 14087
Secunia Advisory ID: 15891
CVE ID: 2005-2087 (see also: NVD)
ISS X-Force ID: 21193
Microsoft Knowledge Base Article: 903235
CERT VU: 939605
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-07/0018.html
http://archives.neohapsis.com/archives/bugtraq/2005-07/0036.html
http://archives.neohapsis.com/archives/fulldisclosure/2005-06/0360.html
Other Advisory URL: http://www.info-directory.info/Article882.html
http://www.niscc.gov.uk/niscc/docs/br-20050701-00536.html?lang=en
http://www.sec-consult.com/184.html
http://www.us-cert.gov/cas/techalerts/TA05-193A.html
Vendor Specific Advisory URL: http://www.microsoft.com/technet/security/advisory/903144.mspx
Generic Exploit URL: http://www.saintcorporation.com/cgi-bin/exploit_info/ie_javaprxy
Microsoft Security Bulletin: MS05-037
Keyword: SEC-CONSULT SA-20050629-0

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/17680