Internet Explorer COM Objects Protection (MS05-052)
|Category:||Remote Code Execution|
|Vulnerable Systems:||Microsoft Windows 2000 SP4
Microsoft Windows XP SP1 and SP2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003 and Microsoft Windows Server 2003 SP1
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Microsoft Security Bulletin MS05-052
A vulnerability exists in the way Internet Explorer handles certain Component Objects Models (COM) objects that are not designed to be instantiated in Internet Explorer. An attacker could exploit these vulnerabilities by creating a malicious Web page and persuading the user to visit the page or by sending it to a victim as an HTML email. Successful exploitation could result in remote code execution which would allow an attacker to take complete control of the affected system.
The Microsoft DDS Library Shape Control (Msdds.dll) and other COM objects could, when instantiated in Internet Explorer as ActiveX controls, allow an attacker to take complete control of an affected system.
|Attack Detection:||Users of VPN-1 NG with Application Intelligence R55W, users of VPN-1 NGX R60 and users of InterSpect who have applied the solution outlined below will receive the following log entries:
Attack Name: Web Client Enforcement Violation
Microsoft Internet Explorer - Detected COM Object Vulnerability (MS05-052)
Users of VPN-1 NG with Application Intelligence R55 will receive rule 99807 on the SmartView Tracker screen.
Users of VPN-1 NG with Application Intelligence R55 and R55W, users of VPN-1 NGX R60 and users of InterSpect should update their SmartDefense by clicking Online Update (R55 - Update Now) in the SmartDashboard General window.
To enable the protection:
|Additional Information:||This update also includes:
- This Update also includes an enhancement to the DCE-RPC over CIFS protection. For more information, please refer to CPAI-2005-136.
- Enhancement to the Microsoft Print Spooler Service Vulnerability Protection (MS05-043) - for more information, see CPAI-2005-118.