Microsoft Security Advisory (906267) Updated: August 25, 2005

Discussion in 'other security issues & news' started by NICK ADSL UK, Aug 27, 2005.

Thread Status:
Not open for further replies.
  1. NICK ADSL UK, Administrator (Joined: May 13, 2003; Posts: 9,217; Location: UK)

    Microsoft Security Advisory (906267)
    A COM Object (Msdds.dll) Could Cause Internet Explorer to Unexpectedly Exit
    Published: August 18, 2005 | Updated: August 25, 2005

    Microsoft is investigating new public reports of a possible vulnerability in Internet Explorer. We are not aware of attacks that try to use the reported vulnerabilities or of customer impact at this time. Microsoft is aggressively investigating the public reports.

    The Microsoft DDS Library Shape Control (Msdds.dll) is a COM object that could, when called from a Web page displayed in Internet Explorer, cause Internet Explorer to unexpectedly exit. This condition could potentially allow remote code execution if a user visited a malicious Web site. This COM Object is not marked safe for scripting and is not intended for use in Internet Explorer.

    Customers who use the initial release of Microsoft Visual Studio 2002 are at risk from this vulnerability and are encouraged to apply Microsoft Visual Studio 2002 Service Pack 1 from the following download location. Customers who use Microsoft Office XP Service Pack 3, while not affected by default, may be at risk. See the Frequently Asked Question “I am running Microsoft Office XP Service Pack 3, am I affected by this vulnerability?” for additional details on what configurations expose the vulnerability. All customers are recommended to review the Suggested Actions section for information on how to help protect their systems from attacks leveraging this vulnerability.

    Upon completion of this investigation, Microsoft will take the appropriate action to help protect our customers. This may include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.

    Microsoft is concerned that this new report of a vulnerability in Internet Explorer was not disclosed responsibly, potentially putting computer users at risk. We continue to encourage responsible disclosure of vulnerabilities. We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone's best interests. This practice helps to ensure that customers receive comprehensive, high-quality updates for security vulnerabilities without exposure to malicious attackers while the update is being developed.

    http://www.microsoft.com/technet/security/advisory/906267.mspx
     