Check Point Advisories

Update Protection against COM Object Instantiation Vulnerability (MS06-013)

Check Point Reference: CPAI-2006-072
Date Published: 5 Jul 2006
Severity: High
Last Updated: Sunday 06 May, 2007
Source:

Microsoft Security Bulletin MS06-013

Industry Reference:CVE-2006-1186
Protection Provided by:
Who is Vulnerable? Internet Explorer 5.01 SP4, 6 SP1; and prior service packs
Vulnerability Description Microsoft Internet Explorer allows instantiation of COM objects that are not designed for use in the browser. This may allow a remote attacker to execute arbitrary code or crash the browser.

COM (Component Object Model) objects are shared functions that can be used by applications to perform tasks. These functions are commonly implemented as dynamic link libraries (DLL). Any application can instantiate a COM object without knowing many details about its behavior or requirements. Once a malicious component (DLL file) is started by a trusted application, this object can cause the application to perform unauthorized functions.
Update/Patch AvaliableApply patches:
Microsoft Security Bulletin MS06-013
Vulnerability DetailsThe issue is due to memory corruption errors when instantiating certain COM objects as ActiveX controls, which could be exploited by remote attackers to execute arbitrary code or crash Internet Explorer.

Protection Overview

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK