Alerts
Alerts
Zero-Day Tracker
Common Name:
IE JAVAPRXY.DLL
Date Disclosed:
6/29/2005
Date Patched:
7/12/2005
Vendor:
Microsoft
Application:
Internet Explorer 5.01
Internet Explorer 5.5
Internet Explorer 6
Description:
A buffer overflow exists within the JavaPrxy.dll ActiveX object which may be exploited by attackers to execute arbitrary code on a remote system by a specially-crafted website.
Severity:
High
Code Execution:
Yes
Impact:
Arbitrary code execution under the context of the logged in user.
An ActiveX remote code execution vulnerability has a very high impact since the source of the malicious payload can be any site on the Internet. An even more critical problem is generated when clients are administrators on their local hosts, which would run the malicious payload with Administrator credentials.
Mitigation:
Since this vulnerability is patched, the primary mitigation for this vulnerability would be to apply MS05-037. However, other mitigation is available by kill-bitting the CLSID for Jview (03D9F3F2-B0E3-11D2-B081-006008039BF0) following the directions of KB240797.
Protection:
Microsoft Patch - MS05-037
Links:
CAN-2005-2087
First Public PoC Code Disclosure (Malicious Payload - Reverse Shell)
Status:
7/12/2005: Patched - MS05-037
Common Name:
IE JAVAPRXY.DLL
Date Disclosed:
6/29/2005
Date Patched:
7/12/2005
Vendor:
Microsoft
Application:
Internet Explorer 5.01
Internet Explorer 5.5
Internet Explorer 6
Description:
A buffer overflow exists within the JavaPrxy.dll ActiveX object which may be exploited by attackers to execute arbitrary code on a remote system by a specially-crafted website.
Severity:
High
Code Execution:
Yes
Impact:
Arbitrary code execution under the context of the logged in user.
An ActiveX remote code execution vulnerability has a very high impact since the source of the malicious payload can be any site on the Internet. An even more critical problem is generated when clients are administrators on their local hosts, which would run the malicious payload with Administrator credentials.
Mitigation:
Since this vulnerability is patched, the primary mitigation for this vulnerability would be to apply MS05-037. However, other mitigation is available by kill-bitting the CLSID for Jview (03D9F3F2-B0E3-11D2-B081-006008039BF0) following the directions of KB240797.
Protection:
- eEye's Blink® Personal Edition protects from this vulnerability.
- eEye's Blink® Professional Edition protects from this vulnerability.
- eEye's Retina® Network Security Scanner scans devices to detect for this vulnerability.
Microsoft Patch - MS05-037
Links:
CAN-2005-2087
First Public PoC Code Disclosure (Malicious Payload - Reverse Shell)
Status:
7/12/2005: Patched - MS05-037
