AOH :: HP Unsorted V :: B06-4314.HTM

Visual Studio 6.0 Multiple COM Object Instantiation Vulnerability



: Visual Studio 6.0 Multiple COM Object Instantiation Vulnerability
: Visual Studio 6.0 Multiple COM Object Instantiation Vulnerability



Advisory ID:
XSec-06-07

Advisory Name:
Visual Studio 6.0 Multiple COM Object Instantiation Vulnerability

Release Date:
08/18/2006

Tested on:
Visual Studio 6.0/Internet Explorer 6.0 SP1

Affected version:
Visual Studio 6.0

Author:
nop 
http://www.xsec.org 

Overview:
Multiple vulnerability has been found in Visual Studio 6.0 \
When Internet Explorer tries to instantiate the TCPROPS.DLL, \
FP30WEC.DLL,mdt2db.dll,mdt2qd.dll,VI30AUT.DLL (Visual Stuido \
6.0) COM object as an ActiveX control, it may corrupt system \
memory in such a way that an attacker may DoS and possibly \
could execute arbitrary code.

Exploit:
=============== vs6.htm start ===============



 
 
 
 
 

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.