AOH :: Windows Net Apps :: B06-4270.HTM

AOH :: Windows Net Apps :: B06-4270.HTM
Internet Explorer (CHTSKDIC.DLL) COM Object Instantiation Vulnerability

Crazy Slots Download
: Internet Explorer (CHTSKDIC.DLL) COM Object Instantiation Vulnerability : Internet Explorer (CHTSKDIC.DLL) COM Object Instantiation Vulnerability


Advisory ID:
XSec-06-03

Advisory Name:
Internet Explorer (CHTSKDIC.DLL) COM Object Instantiation Vulnerability

Release Date:
08/15/2006

Tested on:
Internet Explorer 6.0 SP1 on Microsoft Windows XP SP2 CN

Affected version:
Internet Explorer 6.0

Author:
nop 
http://www.xsec.org 

Overview:
A vulnerability has been found in Internet Explorer 6.0. \
When Internet Explorer tries to instantiate the CHTSKDIC.DLL \
(Microsoft IME) COM object as an ActiveX control, it may corrupt \
system memory in such a way that an attacker may DoS and possibly \
could execute arbitrary code.

Exploit:
=============== CHTSKDIC.DLL.htm start ===============






=============== CHTSKDIC.DLL.htm end =================
Link:
http://www.xsec.org/index.php?module=releases&act=view&type=1&id=9 

About XSec:
We are redhat.

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better). Site design & layout copyright © 1986-2010 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.