A flaw in certain ActiveX controls in Microsoft Internet Explorer 6.0 and possibly other versions allows remote attackers to cause a denial of service and possibly execute arbitrary code. Instantiating certain COM objects as ActiveX controls, including (1) imskdic.dll (Microsoft IME), (2) chtskdic.dll (Microsoft IME), and (3) msoe.dll (Outlook), causes memory corruption that crashes the browser.
Additional Resources:
- XSec Advisory: Internet Explorer (CHTSKDIC.DLL) COM Object
- XSec Advisory: Internet Explorer (IMSKDIC.DLL) COM Object
- XSec Advisory: Internet Explorer (msoe.dll) COM Object