Microsoft Windows fails to properly handle COM Objects. This vulnerability may allow a remote unauthenticated attacker to execute arbitrary code on a vulnerable system.
Microsoft COM is a technology that allows programmers to create reusable software components that can be incorporated into applications to extend their functionality. Microsoft COM includes COM+, Distributed COM (DCOM), and ActiveX Controls.
A remote attacker may be able to execute arbitrary code on a vulnerable system. The attacker-supplied code would be executed with the privileges of the user running Windows Explorer.
Apply an Update
This vulnerability was reported in Microsoft Security Bulletin MS06-015. Microsoft credits NISCC with providing information regarding this vulnerability.
This document was written by Jeff Gennari.
|Date First Published:||2006-04-11|
|Date Last Updated:||2006-05-15 17:18 UTC|