Threat Monitor
Troj.JS.Agent.bhm
| Aliases: | |
|---|---|
| Pattern: | 201005081350 |
| Threat Type | Propagation Methods | Systems Affected | Risk Level |
|---|---|---|---|
|
|
|
Microsoft Internet Explorer is prone to a Code Execution Vulnerability.
The vulnerability is caused by an array-indexing error within the Microsoft Tabular Data Control ActiveX control(tdc.ocx) with the CLSID:333C7BC4-460F-11D0-BC04-0080C7055A83. By persuading a victim to visit a specially-crafted Web page that passes an overly long "DataURL" parameter value to the "CTDCCtl::SecurityCheckDataURL()" function can be exploited to write a single NULL-byte to an arbitrary memory location, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim.
Affected: Microsoft Internet Explorer 6.0 SP1 Microsoft Internet Explorer 6.0 Microsoft Internet Explorer 5.0.1 SP4
The vulnerability is caused by an array-indexing error within the Microsoft Tabular Data Control ActiveX control(tdc.ocx) with the CLSID:333C7BC4-460F-11D0-BC04-0080C7055A83. By persuading a victim to visit a specially-crafted Web page that passes an overly long "DataURL" parameter value to the "CTDCCtl::SecurityCheckDataURL()" function can be exploited to write a single NULL-byte to an arbitrary memory location, a remote attacker could exploit this vulnerability to execute arbitrary code on the system with the privileges of the victim.
Affected: Microsoft Internet Explorer 6.0 SP1 Microsoft Internet Explorer 6.0 Microsoft Internet Explorer 5.0.1 SP4
