vendor:
Internet Explorer
by:
nop (nop#xsec.org)
7.5
CVSS
HIGH
Heap Buffer-Overflow Vulnerability
119
CWE
Product Name: Internet Explorer
Affected Version From: Microsoft Internet Explorer 5.01
Affected Version To: Microsoft Internet Explorer 6.0
Patch Exists: YES
Related CWE: N/A
CPE: a:microsoft:internet_explorer
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 2000 SP4/XP SP2/2003 SP1
2005
Internet Explorer (daxctle.ocx) Heap Overflow Vulnerability
Microsoft Internet Explorer is prone to a heap buffer-overflow vulnerability. The vulnerability arises because of the way Internet Explorer tries to instantiate certain COM objects as ActiveX controls. An attacker can exploit this issue to execute arbitrary code within context of the affected application. Failed exploit attempts will result in a denial-of-service condition.
Mitigation:
Ensure that all security patches released by the vendor are applied to the affected system.
