ASA-14-0512-4: COM Objects Remote Code Execution Vulnerability in Internet Explorer
Vulnerability summary:
| Severity rating: | Critical |
| Date Published: | December 13, 2005 |
| Software Vendor: | Microsoft |
| Affected Software: | Microsoft Internet Explorer |
| Affected OS: | Windows XP (all), Windows Server 2003 (all), Microsoft Windows XP Professional x64 Edition, Windows 2000 (all), Windows 98 (incl. SE), Windows Millennium Edition (ME) |
| Unaffected with: | - |
| Vulnerability class: | Remote Code Execution |
| Status: | Fixed |
Vulnerability details:
Tech brief:
A remote code execution vulnerability exists in how Microsoft Internet Explorer instantiates COM (Component Object Model) objects that are not intended to be instantiated in Internet Explorer. According to Microsoft's report, an attacker could construct a malicious website and persuade people to visit it. By visiting the attacker's site, IE users may unwittingly trigger installation of arbitrary code. An attacker who successfully exploited this vulnerability could take complete control of an affected system. Users who browse Web sites from administrator (root) accounts are more vulnerable than those who surf with limited accounts.
COM objects are shared functions that applications can use to perform tasks. These functions are commonly implemented as dynamic-link libraries (DLLs). Applications may use shared DLLs to operate. Once a malicious component (DLL file) is started by a trusted application, the malicious object may hijack or modify the trusted program so that it performs unauthorized functions, including connecting to the internet and relaying critical data.
To exploit the vulnerability, an attacker would have to get people to visit the site by sending forged email or by displaying an enticing banner that lures people in. Once the attacker has succeeded, he/she can execute any commands and applications on the affected system.
Vendor reference information:
Vendor details pertaining to the problem are available here: http://www.microsoft.com/technet/security/bulletin/MS05-054.mspx
General Mitigating Recommendations:
Install the latest vendor patches available at http://windowsupdate.microsoft.com.
Do not visit doubtful sites, or at least limit what executable content can be run on those murky sites.
Know how to identify Internet hoaxes and do not react to them. Try reporting cases to appropriate authorities.
Try using an alternate browser such as Firefox or Opera.
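A complementary check, added here as an example and not taken from this advisory or from the vendor bulletin: Internet Explorer refuses to instantiate a COM class whose "Compatibility Flags" value under the ActiveX Compatibility registry key has the kill bit (0x400) set, so an administrator can audit an exported copy of that key for the classes they want blocked. The CLSIDs and the export text below are constructed placeholders, and the function names are hypothetical.

```python
import re

KILL_BIT = 0x00000400  # "Compatibility Flags" bit that stops IE instantiating the class
KEY_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Internet Explorer"
    r"\\ActiveX Compatibility\\(\{[0-9A-Fa-f-]{36}\})\]$")
FLAGS_RE = re.compile(r'^"Compatibility Flags"=dword:([0-9A-Fa-f]{8})$')

# Constructed sample in .reg export format, already decoded to text
# (real exports are UTF-16). The CLSIDs are placeholders, not real classes.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000001}]
"Compatibility Flags"=dword:00000400

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000002}]
"Compatibility Flags"=dword:00000020

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{00000000-0000-0000-0000-000000000003}]
"""

def parse_flags(export_text):
    """Map upper-cased CLSID -> Compatibility Flags (0 when the value is absent)."""
    flags, current = {}, None
    for line in export_text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            current = key.group(1).upper()
            flags[current] = 0
        elif line.startswith("["):
            current = None  # a key outside ActiveX Compatibility: skip its values
        elif current and (m := FLAGS_RE.match(line)):
            flags[current] = int(m.group(1), 16)
    return flags

def audit(export_text, clsids):
    """Return {clsid: 'blocked' | 'not blocked' | 'no entry'} for each CLSID."""
    flags = parse_flags(export_text)
    report = {}
    for clsid in clsids:
        c = clsid.upper()
        if c not in flags:
            report[clsid] = "no entry"
        else:
            report[clsid] = "blocked" if flags[c] & KILL_BIT else "not blocked"
    return report
```

A result of "no entry" or "not blocked" for a class that should never load in the browser is the finding to follow up on.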
How Outpost Firewall PRO protects you:
If enabled, Component Control alerts the user to the potential problem, allowing the user to prevent DLL initiation.
Real-time spyware protection prevents spyware infestation.
Outpost protects the user's system from unauthorized access and intrusions, and alerts users when malicious code attempts to execute or access the network.
Disclaimer:
The information in the present advisory is believed to be accurate as to the time of publishing based on currently available information. Use of the information signifies acceptance for use in an AS IS condition. There are no warranties with regard to this information. Agnitum Ltd. doesn’t accept any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.