• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft Internet Explorer Javaprxy.DLL COM Object Instantiation Heap Overflow Vulnerability

Solution:
The vendor has released an advisory (903144) that contains workarounds to prevent exploits of this issue. Customers are urged to review the referenced advisory for further information.

Microsoft has released security bulletin MS05-037 along with fixes to address this issue. Please see the referenced advisory for more information.

Nortel has released bulletin number 2005006061 describing vulnerable packages. Fixes are not currently available. Please see the referenced document for details.


Microsoft Internet Explorer 6.0 SP1

• Microsoft Security Update for JView Profiler (KB903235)
  Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4, or on Microsoft Windows XP Service Pack 1
  http://www.microsoft.com/downloads/details.aspx?familyid=2A506C16-01EF -4060-BCF8-6993C55840A9

Microsoft Internet Explorer 6.0 SP2 - do not use

• Microsoft Security Update for JView Profiler (KB903235)
  Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition
  http://www.microsoft.com/downloads/details.aspx?familyid=68209225-A682 -4008-A22B-881C401486F7


• Microsoft Security Update for JView Profiler (KB903235)
  Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition
  http://www.microsoft.com/downloads/details.aspx?familyid=80EFD9A8-7EE9 -4B0B-8517-559C49614AB7


• Microsoft Security Update for JView Profiler (KB903235)
  Internet Explorer 6 for Microsoft Windows XP Service Pack 2
  http://www.microsoft.com/downloads/details.aspx?familyid=C1381768-6C6D -4568-97B1-600DB8798EBF


• Microsoft Security Update for JView Profiler (KB903235)
  Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  http://www.microsoft.com/downloads/details.aspx?familyid=D785F9AB-DBE9 -4272-A87E-64205690F98E


• Microsoft Security Update for JView Profiler (KB903235)
  Internet Explorer 6 for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  http://www.microsoft.com/downloads/details.aspx?familyid=F368E231-9918 -4881-9F17-60312F82183F

Microsoft Internet Explorer 6.0

• Microsoft Security Update for JView Profiler (KB903235)
  Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition
  http://www.microsoft.com/downloads/details.aspx?familyid=68209225-A682 -4008-A22B-881C401486F7


• Microsoft Security Update for JView Profiler (KB903235)
  Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
  http://www.microsoft.com/downloads/details.aspx?familyid=D785F9AB-DBE9 -4272-A87E-64205690F98E


• Microsoft Security Update for JView Profiler (KB903235)
  Internet Explorer 6 for Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
  http://www.microsoft.com/downloads/details.aspx?familyid=F368E231-9918 -4881-9F17-60312F82183F

Microsoft Internet Explorer 5.0.1 SP3

• Microsoft Security Update for JView Profiler (KB903235)
  Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4
  http://www.microsoft.com/downloads/details.aspx?familyid=25982E02-EC6D -44CE-82DE-12DDEF1ADDD6

Microsoft Internet Explorer 5.0.1 SP4

• Microsoft Security Update for JView Profiler (KB903235)
  Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4
  http://www.microsoft.com/downloads/details.aspx?familyid=25982E02-EC6D -44CE-82DE-12DDEF1ADDD6