Critical Microsoft IE Remote Code Execution Exploit

Not threatening systems with Office 2003. If you’re on OfficeXP or Visual Studio only, we kindly ask you not to browse the web for a little while. 😉

FrSIRT Advisory : FrSIRT/ADV-2005-1450
CVE Reference : GENERIC-MAP-NOMATCH
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-08-17

* Technical Description *

A critical vulnerability was identified in Microsoft Internet Explorer, which could be exploited by remote attackers to execute arbitrary commands. This issue is due to a memory corruption error when instantiating the “Msdds.dll” (Microsoft Design Tools Diagram Surface) object as an ActiveX control, which could be exploited by an attacker to take complete control of an affected system via a specially crafted Web page.

Note : The affected library is installed with Microsoft Office and Microsoft Visual Studio. Only systems with the “Msdds.dll” library installed are vulnerable.

This vulnerability has been confirmed on Windows XP SP2 with Internet Explorer 6 and Office 2002 (msdds.dll version 7.0.9064.9112).

* Exploits *

http://www.frsirt.com/exploits/20050817.IE-Msddsdll-0day.php

* Affected Products *

Microsoft Internet Explorer 6 for Microsoft Windows XP SP2
Microsoft Internet Explorer 6 for Microsoft Windows XP SP1

Microsoft Office 2002
Microsoft Visual Studio .NET 2002

* Solution *

The FrSIRT is not aware of any official supplied patch for this issue.

* References *

http://www.frsirt.com/english/advisories/2005/1450
http://www.frsirt.com/exploits/20050817.IE-Msddsdll-0day.php

* Credits *

Vulnerability reported by an anonymous person

* ChangeLog *

2005-08-17 : Original Advisory
2005-08-17 : Updated vulnerable products (Microsoft Visual Studio)
2005-08-18 : Updated vulnerable products (Microsoft Office)