| Name | MS.IE.Javaprxy.dll.Object.Instantiation.Heap.Overflow |
| Release Date | Jun 29, 2005 |
| Severity | Low |
| Impact | System compromise: remote code execution. |
| Description | This indicates an attempt to exploit a heap-based buffer overflow vulnerability in Microsoft Internet Explorer. The vulnerability is in the Javaprxy.dll COM object. It is a result of the IE browser's failure to sanitize embedded CLSIDs that reference certain COM objects in a web page. An attacker may plant a web page containing a malicious script, and persuade a victim to visit the web page by sending it as an HTML email or URL link. Successful exploitation allows the execution of arbitrary code, but requires that the file "javaprxy.dll" exist on the system. |
| Affected Products | Internet Explorer 6.0 SP2 and earlier versions. |
| Recommended Actions | Apply the security patch specified in Microsoft bulletin MS05-037. |
| Common Vulnerabilities and Exposures (CVE) | http://cve.mitre.org/cgi-bin/cvename.cgi?name=2005-2087 |
| Reference/s | http://www.securityfocus.com/bid/14087 (BugTraq) |