Info

Disclosure

Aug 15, 2006

Discovery

Unknown

Dates

Exploit

Aug 15, 2006

Solution

Unknown

Description

Microsoft Internet Explorer contains a flaw related to the instantiation of the msoe.dll COM that may allow an attacker to execute arbitrary code.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Workaround
Exploit: Exploit Rumored

Solution

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): disable ActiveX

Products

Microsoft Corporation

Internet Explorer

6.0

References

Bugtraq ID: 19530
CVE ID: 2006-4193 (see also: NVD)
ISS X-Force ID: 28439
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-08/0319.html
Other Advisory URL: http://www.xsec.org/index.php?module=releases&act=view&type=1&id=10

Credit

nop - nopxsec.org - XSec

Direct URL: http://osvdb.org/29347