Oval Definition:oval:org.mitre.oval:def:1518
Revision Date:2014-02-24Version:48
Title:IE6:S03 Java Proxy COM Object Instantiation Memory Corruption Vulnerability
Description:Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, as demonstrated using the JVIEW Profiler (Javaprxy.dll). NOTE: the researcher says that the vendor could not reproduce this problem.
Family:windowsClass:vulnerability
Status:ACCEPTEDReference(s):CVE-2005-2087
Platform(s):Microsoft Windows Server 2003
Product(s):Microsoft Internet Explorer
Definition Synopsis
  • Internet Explorer 6 for Windows Server 2003 is installed
  • AND a vulnerable version of mshtml.dll exisits
  • a vulnerable version of mshtml.dll exists
  • 32-bit version of Windows or 64-bit (itanium architecture) version of Windows is installed
  • 32-Bit version of Windows is installed
  • OR a version of Windows for the ia64 architecture is installed
  • AND NOT Win2K/XP/2003 is patched
  • AND the version of mshtml.dll is less than 6.0.3790.373
  • OR a vulnerable version of mshtml.dll exists
  • 32-bit version of Windows or 64-bit (itanium architecture) version of Windows is installed
  • 32-Bit version of Windows is installed
  • OR a version of Windows for the ia64 architecture is installed
  • AND Win2K/XP/2003/Vista service pack 1 is installed
  • AND the version of mshtml.dll is less than 6.0.3790.2491
  • OR a vulnerable version of mshtml.dll exists
  • 64-Bit (x64 architecture) version of Windows is installed
  • AND Win2K/XP/2003/Vista service pack 1 is installed
  • AND the version of mshtml.dll is less than 6.0.3790.2491
  • AND ActiveX controls and active scripting are enabled
  • current user settings are being used and ActiveX controls and active scripting are enabled
  • NOT use machine settings rather than individual user settings
  • AND ActiveX controls are enabled for the current user
  • AND active scripting is enabled for the current user
  • OR local machine settings are being used and ActiveX controls and active scripting are enabled
  • use machine settings rather than individual user settings
  • AND ActiveX controls are enabled for the local machine
  • AND active scripting is enabled for the local machine
    • BACK