Internet Explorer Javaprxy.dll heap overflow

Added: 06/05/2006
CVE: CVE-2005-2087
BID: 14087
OSVDB: 17680

Background

Windows operating systems use the Component Object Model (COM) to allow various program components to be run within different applications. One such object, the JView Profiler (Javaprxy.dll), is a debugger interface for Microsoft Java Virtual Machine.

Problem

Internet Explorer is affected by a heap overflow vulnerability when the Javaprxy.dll COM object is instantiated, allow command execution by a malicious web page.

Resolution

Apply the patch referenced in Microsoft Security Bulletin 05-037.

References

http://www.kb.cert.org/vuls/id/939605

Limitations

Exploit works if a vulnerable version of javaprxy.dll is present. A user must load the exploit page into Internet Explorer in order for exploitation to succeed.

Platforms

Windows

Back to exploit index