Microsoft Internet Explorer COM Object Vulnerability (MS05-054)

Attack ID: CPAI-2005-158
Publish Date:
Category: Remote Code Execution
Vulnerable Systems: Microsoft Windows 2000 Service Pack 4
Microsoft Windows XP SP1 and SP2
Microsoft Windows XP Professional x64 Edition
Microsoft Windows Server 2003
Microsoft Windows Server 2003 SP1
Microsoft Windows Server 2003 for Itanium-based Systems
Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
Microsoft Windows Server 2003 x64 Edition family
Source: Microsoft Security Bulletin (MS05-054)

Description: Microsoft Internet Explorer allows instantiation of COM objects that are not intended to be used in the browser, potentially allowing attackers to execute arbitrary code or crash Internet Explorer. Exploit code for this vulnerability is publicly available.
Severity:
Details:

When Internet Explorer displays a Web page that contains an event that points to a vulnerable COM object, system memory may be corrupted, allowing an attacker to execute arbitrary code or even crash the browser.  

Attack Detection:

Users of VPN-1 NG with Application Intelligence R55W and users of VPN-1 NGX R60 will identify the attack by the following SmartView log entry:

Attack Name: Web Client Enforcement Violation
Information: Microsoft Internet Explorer - Detected COM Object (MS05-054) Vulnerability

Users of VPN-1 NG with Application Intelligence R55 will receive rule 99810 on the SmartView Tracker screen.

Solution: Users of VPN-1 NG with Application Intelligence R55 & R55W and users of VPN-1 NGX R60 should update their SmartDefense by clicking Online Update (R55 - Update Now) in the SmartDashboard General window.

By enabling the protection, SmartDefense will block malicious Web servers attempting to exploit this vulnerability.

To enable the protection:

1. On the Web Intelligence navigation tree, click HTTP Client Protections and enable Microsoft Internet Explorer.

2. In the Microsoft Internet Explorer screen, enable Block COM Objects (MS05-054) Vulnerability.

3. Install security policy on all modules.

Note: Depending on the traffic mix, activating this protection may result in performance degradation.
Industry Reference: CAN-2005-2831
US-CERT
Additional Information: Zone Labs Security Advisory

This update also includes:

- Protection against Cisco IOS HTTP Server Vulnerability - CPAI-2005-159
- Protection against Macromedia JRun 4.0 Web Server Buffer Overflow Vulnerability - CPAI-2005-161
- Protection against Microsoft IIS URI Denial of Service - CPAI-2005-160