
Internet Explorer COM Objects Protection (MS05-052)

Attack ID: CPAI-2005-148
Publish Date:
Last Update:
Category: Remote Code Execution
Vulnerable Systems: Microsoft Windows 2000 SP4
Microsoft Windows XP SP1 and SP2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003 and Microsoft Windows Server 2003 SP1
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition
Source:

Microsoft Security Bulletin MS05-052

Description:

A vulnerability exists in the way Internet Explorer handles certain Component Object Model (COM) objects that are not designed to be instantiated in Internet Explorer. An attacker could exploit this vulnerability by creating a malicious Web page and persuading the user to visit the page, or by sending it to a victim as an HTML email. Successful exploitation could result in remote code execution, which would allow an attacker to take complete control of the affected system.

Severity:
Details:

The Microsoft DDS Library Shape Control (Msdds.dll) and other COM objects could, when instantiated in Internet Explorer as ActiveX controls, allow an attacker to take complete control of an affected system.

Attack Detection: Users of VPN-1 NG with Application Intelligence R55W, users of VPN-1 NGX R60 and users of InterSpect who have applied the solution outlined below will receive the following log entries:

Attack Name: Web Client Enforcement Violation
Attack Information: Microsoft Internet Explorer - Detected COM Object Vulnerability (MS05-052)

Users of VPN-1 NG with Application Intelligence R55 will receive rule 99807 on the SmartView Tracker screen.
Solution:

Users of VPN-1 NG with Application Intelligence R55 and R55W, users of VPN-1 NGX R60 and users of InterSpect should update their SmartDefense by clicking Online Update (R55 - Update Now) in the SmartDashboard General window.

The update protects against the vulnerability by blocking the malformed COM objects.
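The following is an added example, not Check Point's implementation and not code from this advisory: a minimal content check that flags HTML pages instantiating blocked COM objects through `<object classid="clsid:...">` tags. It assumes detection keyed on the class ID; the CLSIDs in the blocklist and the sample page are constructed placeholders, to be replaced with the class IDs listed in the vendor bulletin.

```python
import re
from html.parser import HTMLParser

# Placeholder CLSIDs (constructed). The advisory does not list the affected
# class IDs; take the real values from the vendor bulletin.
BLOCKED_CLSIDS = {
    "00000000-0000-0000-0000-000000000001",
    "00000000-0000-0000-0000-000000000002",
}

# Accepts "clsid:GUID" with optional braces, any letter case, stray spaces.
_CLSID_RE = re.compile(
    r"^\s*clsid:\s*\{?([0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})\}?\s*$",
    re.IGNORECASE,
)


class ObjectTagScanner(HTMLParser):
    """Collects the normalised CLSID of every <object classid=...> tag."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.clsids = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names for us.
        if tag != "object":
            return
        for name, value in attrs:
            match = _CLSID_RE.match(value or "") if name == "classid" else None
            if match:
                self.clsids.append(match.group(1).lower())


def blocked_objects(html, blocklist=BLOCKED_CLSIDS):
    """Return the blocked CLSIDs a page instantiates, in document order."""
    scanner = ObjectTagScanner()
    scanner.feed(html)
    scanner.close()
    wanted = {clsid.lower() for clsid in blocklist}
    return [clsid for clsid in scanner.clsids if clsid in wanted]


# Constructed sample page: two blocked objects in different spellings, one benign.
SAMPLE = """<html><body>
<OBJECT ClassID="CLSID:{00000000-0000-0000-0000-000000000001}"></OBJECT>
<object classid="clsid:11111111-2222-3333-4444-555555555555"></object>
<object classid=clsid:00000000-0000-0000-0000-000000000002></object>
</body></html>"""
```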

To enable the protection:

1. On the Web Intelligence tree, click HTTP Client Protections and enable Microsoft Internet Explorer.

2. Check Block COM Objects (MS05-052) Vulnerability.



3. Install security policy on all modules.

Note: Depending on the traffic nature, this protection may be performance-intensive.

Industry Reference: CAN-2005-2127
Additional Information: This update also includes:

- Enhancement to the DCE-RPC over CIFS protection. For more information, see CPAI-2005-136.

- Enhancement to the Microsoft Print Spooler Service Vulnerability Protection (MS05-043). For more information, see CPAI-2005-118.