Sharing Security Developments, and Best Practices for corporate and home users
Microsoft Internet Explorer "daxctle.ocx" KeyFrame Buffer Overflow Vulnerability
http://www.frsirt.com/english/advisories/2006/3593
| Quote: |
A vulnerability has been identified in Microsoft Internet Explorer, which could be exploited by remote attackers to crash a vulnerable browser or take complete control of an affected system. This flaw is due to a memory corruption error when processing a specially crafted argument passed to the "KeyFrame()" method of a "DirectAnimation.PathControl" (daxctle.ocx) ActiveX object, which could be exploited by attackers to cause a denial of service or execute arbitrary commands by convincing a user to visit a malicious Web page.
FrSIRT confirmed this vulnerability on a fully patched Windows XP SP2 system. Exploit code is publicly available. |