Internet Explorer fails to properly check the kill bit for ActiveX controls, which may allow a remote attacker to execute arbitrary code on a vulnerable system.
Microsoft COM is a technology that allows programmers to create reusable software components that can be incorporated into applications to extend their functionality. Microsoft COM includes COM+, Distributed COM (DCOM), and ActiveX Controls.
Depending on which control an attacker uses, the impact will vary. By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message), an attacker could execute arbitrary code with the privileges of the user (e.g., VU#29795, VU#939605). An attacker may also be able to create or edit arbitrary files (e.g., VU#9162, VU#23412), access local configuration data (e.g., VU#1673), or take other actions.
Apply an update
This vulnerability was reported by Will Dormann.
This document was written by Will Dormann.
Date First Published: 2006-01-26
Date Last Updated: 2006-01-31 21:09 UTC