Intrusion Prevention

MS.IE.wmm2fxa.dll.ActiveX.Control.Instantiation.Code.Execution

Description

This indicates an attack attempt to exploit a Code Execution vulnerability in an ActiveX control.
The vulnerability, which is located in the "wmm2fxa.dll" ActiveX control, can be exploited through misuse of the "bstrPropertyName" property. It may allow remote attackers to execute arbitrary code in the context of the application using the affected ActiveX control. Failed exploit attempts will likely cause the program to crash, resulting in a Denial of Service condition.

Affected Products

Microsoft Internet Explorer 5.0.1
Microsoft Internet Explorer 5.0.1 for Windows 2000
Microsoft Internet Explorer 5.0.1 for Windows 95
Microsoft Internet Explorer 5.0.1 for Windows 98
Microsoft Internet Explorer 5.0.1 for Windows NT 4.0
Microsoft Internet Explorer 5.0.1 SP1
Microsoft Internet Explorer 5.0.1 SP2
Microsoft Internet Explorer 5.0.1 SP3
Microsoft Internet Explorer 5.0.1 SP4
Microsoft Internet Explorer 6.0
Microsoft Internet Explorer 6.0 SP1

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

Recommended Actions

Apply the latest update from the vendor.
Microsoft Internet Explorer 6.0 SP1
Microsoft Cumulative Update for Internet Explorer 6 SP1 (KB916281)
Microsoft Windows 2000 Service Pack 4 or on Microsoft Windows XP Service Pack 1
http://www.microsoft.com/downloads/details.aspx?familyid=0EB17A41-FB43-413B-A5CC-41E1F3DEDE4F&displaylang=en
Microsoft Cumulative Update for Internet Explorer for Windows Server 2003 (KB916281)
For Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
http://www.microsoft.com/downloads/details.aspx?familyid=CCE7C875-C9A4-4C3D-A37B-946EE5E781E7&displaylang=en
Microsoft Cumulative Update for Internet Explorer for Windows Server 2003 64-bit Itanium Edition (KB916281) -
Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
http://www.microsoft.com/downloads/details.aspx?familyid=C8E4CFB6-1350-4AAE-B681-EE2ECAB41118&displaylang=en
Microsoft Cumulative Update for Internet Explorer for Windows Server 2003 x64 Edition (KB916281)
Microsoft Windows Server 2003 x64 Edition
http://www.microsoft.com/downloads/details.aspx?familyid=1C7D5C6D-DDCF-485D-A1E3-60E55334FD74&displaylang=en
Microsoft Cumulative Update for Internet Explorer for Windows XP Service Pack 2 (KB916281)
For Microsoft Windows XP Service Pack 2
http://www.microsoft.com/downloads/details.aspx?familyid=85CABE87-C4A0-4F80-BD1C-210E23FD8D81&displaylang=en
Microsoft Cumulative Update for Internet Explorer for Windows XP x64 Edition (KB916281)
Microsoft Windows XP Professional x64 Edition
http://www.microsoft.com/downloads/details.aspx?familyid=F91791AC-8185-4346-AA66-89F74D4B5EA7&displaylang=en
Microsoft Internet Explorer 6.0
Microsoft Cumulative Update for Internet Explorer for Windows Server 2003 (KB916281)
For Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1
http://www.microsoft.com/downloads/details.aspx?familyid=CCE7C875-C9A4-4C3D-A37B-946EE5E781E7&displaylang=en
Microsoft Cumulative Update for Internet Explorer for Windows Server 2003 64-bit Itanium Edition (KB916281) -
Microsoft Windows Server 2003 for Itanium-based Systems and Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
http://www.microsoft.com/downloads/details.aspx?familyid=C8E4CFB6-1350-4AAE-B681-EE2ECAB41118&displaylang=en
Microsoft Cumulative Update for Internet Explorer for Windows Server 2003 x64 Edition (KB916281)
Microsoft Windows Server 2003 x64 Edition
http://www.microsoft.com/downloads/details.aspx?familyid=1C7D5C6D-DDCF-485D-A1E3-60E55334FD74&displaylang=en
Microsoft Cumulative Update for Internet Explorer for Windows XP Service Pack 2 (KB916281)
For Microsoft Windows XP Service Pack 2
http://www.microsoft.com/downloads/details.aspx?familyid=85CABE87-C4A0-4F80-BD1C-210E23FD8D81&displaylang=en
Microsoft Cumulative Update for Internet Explorer for Windows XP x64 Edition (KB916281)
Microsoft Windows XP Professional x64 Edition
http://www.microsoft.com/downloads/details.aspx?familyid=F91791AC-8185-4346-AA66-89F74D4B5EA7&displaylang=en
Microsoft Internet Explorer 5.0.1 SP4
Microsoft Cumulative Update for Internet Explorer 5.01 Service Pack 4 (KB916281)
Microsoft Windows 2000 Service Pack 4
http://www.microsoft.com/downloads/details.aspx?familyid=91A997DE-BAE4-4AC7-912D-79EF8ABAEF4F&displaylang=en

CVE References

CVE-2006-1303