OSVDB ID: 36396

Title: Microsoft IE ActiveX tblinf32.dll Unspecified Arbitrary Code Execution

Dates

Disclosure: Aug 14, 2007
Discovery: Unknown
Exploit: Unknown
Solution: Aug 14, 2007

Description

Internet Explorer contains a flaw that may permit a remote attacker to execute arbitrary code via unknown attack vectors. The issue is the result of an incorrect IObjectSafety implementation and MS VB6 objects. It is possible that the flaw may result in a loss of integrity.

Classification

Location: Remote / Network Access, Context Dependent
Attack Type: Input Manipulation, Other
Impact: Loss of Integrity
Exploit: Exploit Commercial
Disclosure: OSVDB Verified, Vendor Verified

Solution

Microsoft has released MS07-045 to address this issue. Additionally, it is possible to correct the flaw by implementing the following workaround(s): prevent COM objects from running in IE and/or configure Internet and Local Intranet security zone settings to "High" to prompt before running ActiveX Controls and Active Scripting in these zones.

Products

Microsoft Corporation

Internet Explorer

5.01
6 SP1
7

References

Credit

  • Brett Moore - brett.moore@security-assessment.com - Security Assessment


Direct URL: http://osvdb.org/36396