Check Point Advisories

Update Protection against COM Object Instantiation Memory Corruption Vulnerability (MS06-021)

Check Point Reference: CPAI-2006-073
Date Published: 5 Jul 2006
Severity: High
Last Updated: Sunday 06 May, 2007
Source: Microsoft Security Bulletin MS06-021
Industry Reference:CVE-2006-1303
Protection Provided by:
Who is Vulnerable? Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 6

Vulnerability Description A flaw was detected in the way Internet Explorer instantiates certain COM objects as ActiveX controls that are not meant to be instantiated in Internet Explorer. This can be exploited to execute arbitrary code when a malicious Web site is visited by the user.
COM (Component Object Model) objects are shared functions that can be used by applications to perform tasks. These functions are commonly implemented as dynamic link libraries (DLL). Any application can instantiate a COM object without knowing many details about the COM object's behavior or requirements. Once a malicious component (DLL file) is started by a trusted application, this object can cause the application to perform unauthorized functions.
Microsoft originally provided a patch for this vulnerability in MS06-013 but it has been superceded by the patch released with MS06-021.
Update/Patch AvaliableApply patches:
Microsoft Security Bulletin MS06-021
Vulnerability DetailsThe vulnerability is caused by improper instantiation of a COM object which can lead to memory corruption in the application. An attacker may leverage the vulnerability by convincing the target user to follow a malicious link to a crafted HTML page. This may allow injection and execution of arbitrary code within the security context of the currently logged in user.

Protection Overview

This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.