A vulnerability has been reported in Internet Explorer, which can be exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to a memory corruption error when the "msdds.dll" (Microsoft DDS Library Shape Control) and other COM objects are instantiated in the Internet Explorer browser. For certain COM objects, e.g. "mdt2dd.dll" (Microsoft Design Tools PolyLine Control 2), the vulnerability is caused due to the failure of the memory allocator to zero the contents of heap memory allocated to new object instances. As a result, the object destructor may use the previous memory content as function pointers in its function calls.
Successful exploitation allows execution of arbitrary code, but requires that a user is tricked into visiting a malicious web site.
For a detailed list of affected COM objects, see the vendor advisory MS05-052.
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org
Subject: Microsoft Windows COM Object Instantiation Memory Corruption Vulnerability
No posts yet
You must be logged in to post a comment.
Secunia Customer Login
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.