|
Posted by John McGaw on August 18, 2005, 10:51 am
If you were Registered and logged in, you could reply and use other advanced thread options
Shinerweb wrote:
> I'm surprised to read this tonight:
> First I have heard of it, and makes me wonder if there is any truth to it:
>
> http://www.frsirt.com/english/advisories/2005/1450
>
> FrSIRT Advisory : FrSIRT/ADV-2005-1450
> CVE Reference : GENERIC-MAP-NOMATCH
> Rated as : Critical
> Remotely Exploitable : Yes
> Locally Exploitable : Yes
> Release Date : 2005-08-17
>
> * Technical Description *
>
> A critical vulnerability was identified in Microsoft Internet Explorer,
> which could be exploited by remote attackers to execute arbitrary commands.
> This issue is due to a memory corruption error when instantiating the
> "Msdds.dll" object as an ActiveX control, which could be exploited by an
> attacker to take complete control of an affected system via a specially
> crafted Web page.
>
In the same vein:
http://news.zdnet.com/2100-1009_22-5837611.html?tag=zdfd.newsfeed
The original French report says that the file is installed with Visual
Studio. To which I can add that the file in question seems to be
installed with the ubiquitous Office 2003 (possibly other versions too)
which means that if it is a hole it is a big one.
John McGaw
http://johnmcgaw.com
[Knoxville, TN, USA]
| 
XML site map