OSVDB ID: 34399

Title: Microsoft IE COM Object Instantiation Memory Corruption (931768)

Info

Disclosure
May 08, 2007

Discovery
Unknown

Dates

Exploit
Unknown

Solution
Unknown

Description

 A remote memory corruption flaw exists in Windows. Internet Explorer fails to properly instantiate some COM objects resulting in memory corruption. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Classification

 Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Unknown
Disclosure: OSVDB Verified

Solution

 Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Products

Microsoft Corporation

Windows

 2000 SP4
XP SP2
XP Professional x64
XP Professional x64 SP2
Vista
Vista x64 Edition

Windows Server

 2003 SP1
2003 SP2
2003 SP1 for Itanium
2003 SP2 for Itanium
2003 x64 Edition SP1
2003 x64 Edition SP2

References

Credit

Unknown or Incomplete


Direct URL: http://osvdb.org/34399