Microsoft Internet Explorer fails to properly handle directories with CLSID extensions. This may allow an attacker to bypass the warning dialog that Internet Explorer should display before executing downloaded code.
According to Microsoft MSDN, a CLSID is a "globally unique identifier (GUID) associated with an OLE class object."
By convincing a user to access a specially crafted web page with Internet Explorer, an attacker may be able to execute arbitrary code with the privileges of the user.
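A defender-side check for the pattern described above, as an added example that is not part of the original advisory: it flags path components that carry a CLSID extension (a name ending in `.{GUID}`) in proxy-log URLs or file-share listings. The function names, the sample paths and the all-zero GUID are constructed for illustration.

```python
import re
from urllib.parse import unquote

# A registry-style GUID in braces used as an extension: name.{8-4-4-4-12 hex}
_CLSID_EXT = re.compile(
    r"\.(\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\})$",
    re.IGNORECASE,
)

def clsid_components(path):
    """Return (name, clsid) for each path component that ends in '.{GUID}'."""
    hits = []
    # Decode %7B / %7D once so URL-encoded braces are not missed, then split
    # on both separators so UNC paths, local paths and URLs are all covered.
    for part in re.split(r"[\\/]+", unquote(path)):
        # Win32 drops trailing dots and spaces from names, so ignore them here.
        name = part.rstrip(" .")
        match = _CLSID_EXT.search(name)
        if match:
            hits.append((name, match.group(1).upper()))
    return hits

def scan(paths):
    """Map each flagged path to its CLSID-extension components."""
    return {p: h for p in paths if (h := clsid_components(p))}

# Constructed sample input (not taken from the advisory).
SAMPLE_PATHS = [
    r"\\fileserver\share\reports.{00000000-0000-0000-0000-000000000000}\q2.doc",
    "http://example.test/pub/docs.%7B00000000-0000-0000-0000-000000000000%7D/index.htm",
    r"C:\Users\alice\Documents\notes.txt",
    # A directory merely named after a GUID has no CLSID extension: not flagged.
    r"C:\temp\{00000000-0000-0000-0000-000000000000}\setup.log",
]

if __name__ == "__main__":
    for path, hits in scan(SAMPLE_PATHS).items():
        for name, clsid in hits:
            print(f"CLSID extension {clsid} on '{name}' in {path}")
```

The last component of a path is checked as well, because a listing or URL may end at the directory itself.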
Apply an update
Do not follow unsolicited links
- http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060627/3d930eda/PLEBO-2006.06.16-IE_ONE_MINOR_ONE_MAJOR.obj
This vulnerability was publicly disclosed by Plebo Aesdi Nael.
This document was written by Will Dormann.
Date First Published: 2006-06-29
Date Last Updated: 2006-08-08 19:07 UTC