Info

Disclosure

Dec 13, 2005

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Microsoft Internet Explorer contains a flaw that may allow a malicious user to corrupt memory. The issue is triggered when the user accesses a maliciously crafted web page that instantiates COM objects which were not intended for use with IE, as ActiveX controls. It is possible that the flaw may allow for arbitrary code execution resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

Microsoft has released a patch to address this issue. Additionally, it is possible to correct the flaw by implementing the following workaround(s): Disable ActiveX controls

Products

Microsoft Corporation	Internet Explorer	5.01 SP4
		6.x
		5.5 SP2

References

Security Tracker: 1015348
OVAL ID: 1426 1475 1520 1543 1558 1597
Secunia Advisory ID: 15368 18064 18311
Bugtraq ID: 15827
CVE ID: 2005-2831 (see also: NVD)
Related OSVDB ID: 21760 21761 21762
ISS X-Force ID: 23453
VUPEN Advisory: ADV-2005-2867
Keyword: aka a variant of the "COM Object Instantiation Memory Corruption Vulnerability"
Other Advisory URL: http://support.avaya.com/elmodocs2/security/ASA-2005-234.pdf
http://www.us-cert.gov/cas/techalerts/TA05-347A.html
Vendor Specific Advisory URL: http://www130.nortelnetworks.com/cgi-bin/eserv/cs/main.jsp?cscat=BLTNDETAIL&DocumentOID=375525&RenditionID=
Microsoft Security Bulletin: MS05-054

Credit

Will Dormann - -

Direct URL: http://osvdb.org/21763

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Microsoft Corporation

Internet Explorer

References

Credit