FrSIRT have identified a critical vulnerability with Internet Explorer 6 for Windows XP SP1 and SP2.
The problem could be exploited by remote attackers to execute arbitrary commands. The issue is due to a memory corruption error when instantiating the "Msdds.dll" (Microsoft Design Tools Diagram Surface) object as an ActiveX control, which could be exploited by an attacker to take complete control of an affected system via a specially crafted Web page.
Unfortunately for users of Internet Explorer 6 there is 0day Exploit Code readily available for would be hackers to create web pages. We have contacted Microsoft for a response but at the time of writing we have not received one. We will update the story accordingly.
View: FrSIRT AdvisoryRead full story...
News source:
Full Story
Linear Mode
