Follow:

Exploit:Win/MSIE.BR549.RCE!CAN-2003-0530

Severity rating
Critical

Class/Type
Exploit

Discovered date
2006-10-03T00:00:00

Attack vector
Remote

Authentication required
No

Public exploits available
Yes

Signature detection
Medium



On this page




Description

A remote code execution vulnerability exists in the ActiveX object, pdwizard.ocx. An attacker could exploit the vulnerability by constructing a specially crafted Web page.



Impact

An attacker who successfully exploited this vulnerability could take complete control of the affected system.



Technical details (analysis)

When Internet Explorer tries to instantiate certain COM objects as ActiveX Controls, the COM objects may corrupt the system state in such a way that an attacker could execute arbitrary code.



Affected software

Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6.0
Microsoft Internet Explorer 6.0 for Windows Server 2003



Non-affected software

All applications not on the affected list.



References




Solutions




NIS signature

Name: Exploit:Win/MSIE.BR549.RCE!CAN-2003-0530
Release Date: 2006-10-03T00:00:00



Known false positives

No known false positives at this time.



Work-arounds

Prompt before running of ActiveX controls in the Internet and Intranet zones.
Restrict Web sites to only your trusted Web sites.