Signature Detail

HTTP: Dangerous ClassID in ActiveX Object Type 41

This signature detects Web pages containing dangerous ActiveX CLSID references. Malicious Web sites can exploit a known vulnerability in Internet Explorer and gain control of client browsers.

Extended Description

Microsoft Internet Explorer is prone to a buffer overflow vulnerability that is related to instantiation of COM objects. Successful exploitation could let remote attackers execute arbitrary code in the context of the currently logged in user on the affected computer. This is a variant of the vulnerability described in BID 14511 Microsoft Internet Explorer COM Object Instantiation Buffer Overflow Vulnerability. The difference between this issue and BID 14511 is that a different set of COM objects are affected that were not addressed in the previous BID.

Affected Products

• ATI Catalyst Driver
• Avaya DefinityOne Media Servers R10
• Avaya DefinityOne Media Servers R11
• Avaya DefinityOne Media Servers R12
• Avaya DefinityOne Media Servers R6
• Avaya DefinityOne Media Servers R7
• Avaya DefinityOne Media Servers R8
• Avaya DefinityOne Media Servers R9
• Avaya DefinityOne Media Servers
• Avaya IP600 Media Servers R10
• Avaya IP600 Media Servers R11
• Avaya IP600 Media Servers R12
• Avaya IP600 Media Servers R6
• Avaya IP600 Media Servers R7
• Avaya IP600 Media Servers R8
• Avaya IP600 Media Servers R9
• Avaya IP600 Media Servers
• Avaya S3400 Message Application Server
• Avaya S8100 Media Servers R10
• Avaya S8100 Media Servers R11
• Avaya S8100 Media Servers R12
• Avaya S8100 Media Servers R6
• Avaya S8100 Media Servers R7
• Avaya S8100 Media Servers R8
• Avaya S8100 Media Servers R9
• Avaya S8100 Media Servers
• Avaya Unified Communication Center
• Microsoft Internet Explorer 5.0
• Microsoft Internet Explorer 5.0.1
• Microsoft Internet Explorer 5.0.1 SP1
• Microsoft Internet Explorer 5.0.1 SP2
• Microsoft Internet Explorer 5.0.1 SP3
• Microsoft Internet Explorer 5.0.1 SP4
• Microsoft Internet Explorer 5.5
• Microsoft Internet Explorer 5.5 SP1
• Microsoft Internet Explorer 5.5 SP2
• Microsoft Internet Explorer 6.0
• Microsoft Internet Explorer 6.0 SP1
• Microsoft .NET Framework 1.1
• Microsoft .NET Framework 1.1 SP1
• Microsoft .NET Framework 1.1 SP2
• Microsoft .NET Framework 1.1 SP3
• Microsoft Office 2000 SP1
• Microsoft Office 2000 SP2
• Microsoft Office 2000 SP3
• Microsoft Office 2000
• Microsoft Office XP SP1
• Microsoft Office XP SP2
• Microsoft Office XP SP3
• Microsoft Office XP Developer Edition
• Microsoft Project 2000
• Microsoft Project 2002 SP1
• Microsoft Project 2002
• Microsoft Project 2002
• Microsoft Project 2003 SP1
• Microsoft Project 2003
• Microsoft Project 98
• Microsoft Publisher 99
• Microsoft Visio 2002 SP1
• Microsoft Visio 2002 SP2
• Microsoft Visio 2002
• Microsoft Visio 2002 Professional SP2
• Microsoft Visio 2003 SP1
• Microsoft Visio 2003
• Nortel Networks CallPilot 3.0.0
• Nortel Networks CallPilot 4.0.0
• Nortel Networks Centrex IP Client Manager 2.5.0
• Nortel Networks Centrex IP Client Manager 7.0.0
• Nortel Networks Centrex IP Client Manager 8.0.0
• Nortel Networks Centrex IP Client Manager
• Nortel Networks Centrex IP Element Manager 2.5.0
• Nortel Networks Centrex IP Element Manager 7.0.0
• Nortel Networks Centrex IP Element Manager 8.0.0

References

• BugTraq: 15061
• CVE: CVE-2005-2127
• URL: http://www.microsoft.com/technet/Security/bulletin/ms05-052.mspx
• URL: http://www.us-cert.gov/cas/techalerts/TA05-221A.html