
Exploit:Win/MSIE.LViewProfiler.RCE!CVE-2005-2087

Severity rating
Critical

Class/Type
Exploit

Discovered date
2011-02-07T14:04:48

Attack vector
Remote

Authentication required
No

Public exploits available
No

Signature detection
Medium







Description

A remote code execution vulnerability exists in JView Profiler. An attacker could exploit the vulnerability by constructing a malicious Web page that could potentially allow remote code execution if a user visited the malicious Web site. An attacker who successfully exploited this vulnerability could take complete control of an affected system.



Impact

An attacker who successfully exploited this vulnerability could take complete control of the affected system. In a Web-based attack scenario, an attacker would host a Web site that exploits this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's site. It could also be possible to display malicious Web content by using banner advertisements or by using other methods to deliver Web content to affected systems.



Technical details (analysis)

JView Profiler is a debugger interface for Microsoft Java Virtual Machine (MSJVM). When Internet Explorer tries to instantiate the JView Profiler (Javaprxy.dll) COM object as an ActiveX control, it may corrupt system memory in such a way that an attacker could execute arbitrary code. An attacker could host a malicious Web site that is designed to exploit this vulnerability through Internet Explorer and then persuade a user to view the Web site.



Affected software

Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4.
Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, or on Microsoft Windows XP Service Pack 1.
Internet Explorer 6 for Microsoft Windows XP Service Pack 2.
Internet Explorer 6 for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1.
Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems.
Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition.
Internet Explorer 5.5 Service Pack 2 on Microsoft Windows Millennium Edition.
Internet Explorer 6 Service Pack 1 on Microsoft Windows 98, on Microsoft Windows 98 SE or on Microsoft Windows Millennium Edition.



Non-affected software

All applications not on the affected list.



References




Solutions




NIS signature

Name: Exploit:Win/MSIE.LViewProfiler.RCE!CVE-2005-2087
Release Date: 2011-02-07T14:04:48



Known false positives

No known false positives at this time.



Work-arounds

Un-register the Javaprxy.dll COM object.
Set Internet and Local intranet security zone settings to “High” to prompt before running ActiveX controls in these zones.
Configure Internet Explorer to prompt before running ActiveX controls, or disable ActiveX controls, in the Internet and Local intranet security zones.
Modify the Access Control List on Javaprxy.dll to be more restrictive.
Restrict access to Javaprxy.dll in Internet Explorer by using a Software Restriction Policy.
Remove the Microsoft Java Virtual Machine from your system using the Java Removal Tool.
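
The state of these work-arounds on a host can be checked with a read-only audit. The PowerShell below is an added example, not part of the original advisory. It assumes the default location %SystemRoot%\System32\Javaprxy.dll, the standard Internet Explorer zone numbering (1 = Local intranet, 3 = Internet) and URL action 1200 ("Run ActiveX controls and plug-ins"), and it reads only the current user's zone settings.

```powershell
# Added example: read-only audit of the work-arounds listed above. Changes nothing.
# Assumption: Javaprxy.dll is in its default location under %SystemRoot%\System32.
$dll    = Join-Path $env:SystemRoot 'System32\Javaprxy.dll'
$onDisk = Test-Path -LiteralPath $dll

# COM registration: match InprocServer32 values by file name, so no CLSID is assumed.
# The Wow6432Node view is included because 32-bit Internet Explorer reads it on x64.
$roots = 'Registry::HKEY_CLASSES_ROOT\CLSID',
         'Registry::HKEY_CLASSES_ROOT\Wow6432Node\CLSID' | Where-Object { Test-Path $_ }
$registered = @(foreach ($root in $roots) {
    Get-ChildItem -Path $root -ErrorAction SilentlyContinue | ForEach-Object {
        $key = $_
        # Some keys are not readable; treat those as "no in-process server".
        try { $sub = $key.OpenSubKey('InprocServer32') } catch { $sub = $null }
        if ($sub) {
            $server = [string]$sub.GetValue('')   # default value = path of the server DLL
            $sub.Close()
            if ($server -match 'javaprxy\.dll') { "$root\$($key.PSChildName)" }
        }
    }
})

# Zone policy: URL action 1200 is "Run ActiveX controls and plug-ins".
# 0 = enable, 1 = prompt, 3 = disable. A missing value means the zone default applies.
$zoneNames = @{ 1 = 'Local intranet'; 3 = 'Internet' }
$zones = foreach ($z in 1, 3) {
    $path = "HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\$z"
    $val  = (Get-ItemProperty -Path $path -Name '1200' -ErrorAction SilentlyContinue).'1200'
    New-Object PSObject -Property @{
        Zone             = $zoneNames[$z]
        Action1200       = $val
        PromptOrDisabled = ($null -ne $val -and (1, 3 -contains $val))
    }
}

# File ACL: list who can still load the DLL, to review against the restricted ACL.
$acl = if ($onDisk) {
    (Get-Acl -Path $dll).Access |
        Select-Object IdentityReference, FileSystemRights, AccessControlType
}

"Javaprxy.dll present on disk: $onDisk"
"COM registrations pointing at Javaprxy.dll: $($registered.Count)"
$registered
$zones | Format-Table Zone, Action1200, PromptOrDisabled -AutoSize
$acl   | Format-Table -AutoSize
```

A host where the DLL is absent, or where no registration is found and both zones report `PromptOrDisabled = True`, has the corresponding work-arounds in place; zone settings enforced through Group Policy are stored elsewhere and are not covered by this check.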