COM object flaw in Internet Explorer 6

Three malformed dll files could trigger a denial of service attacks

A flaw in certain ActiveX controls in Microsoft Internet Explorer 6.0 and possibly other versions allows remote attackers to cause a denial of service and possibly execute arbitrary code. By instantiating certain COM objects, including (1) imskdic.dll (Microsoft IME), (2) chtskdic.dll (Microsoft IME), and (3) msoe.dll (Outlook), as ActiveX controls, a memory corruption occurs, crashing the Internet browser.

Additional Resources:

Tags:
Mobile
About the author

    As CNET's resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security. Listen to his podcast at securitybites.cnet.com or e-mail Robert with your questions and comments.

     

    ARTICLE DISCUSSION

    Conversation powered by Livefyre

    Don't Miss
    Hot Products
    Trending on CNET

    Hot on CNET

    CNET's giving away a 3D printer

    Enter for a chance to win* the MakerBot Replicator 3D Printer and all the supplies you need to get started.