----------------------------------------------------------------------

Bist Du interessiert an einem neuen Job in IT-Sicherheit?


Secunia hat zwei freie Stellen als Junior und Senior Spezialist in IT-
Sicherheit:
http://secunia.com/secunia_vacancies/

----------------------------------------------------------------------

TITLE:
Microsoft Design Tools msdds.dll Code Execution Vulnerability

SECUNIA ADVISORY ID:
SA16480

VERIFY ADVISORY:
http://secunia.com/advisories/16480/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
>From remote

SOFTWARE:
Microsoft Visual Studio .NET 2003
http://secunia.com/product/1086/
Microsoft Office 2003 Student and Teacher Edition
http://secunia.com/product/2278/
Microsoft Office 2003 Standard Edition
http://secunia.com/product/2275/
Microsoft Internet Explorer 5.01
http://secunia.com/product/9/
Microsoft Internet Explorer 5.5
http://secunia.com/product/10/
Microsoft Internet Explorer 6.x
http://secunia.com/product/11/
Microsoft Office 2003 Professional Edition
http://secunia.com/product/2276/
Microsoft Office 2003 Small Business Edition
http://secunia.com/product/2277/

DESCRIPTION:
A vulnerability has been reported in Microsoft Visual Studio .NET,
which potentially can be exploited by malicious people to compromise
a vulnerable system.

The vulnerability is caused due to an error when the "msdds.dll"
(Microsoft Design Tools - Diagram Surface) COM object is instantiated
in the Internet Explorer browser.

Successful exploitation may allow execution of arbitrary code, but
requires that a user is tricked into visiting a malicious web site.

The COM object is known to be installed as part of the following
products:
* Microsoft Visual Studio .NET 2003
* Microsoft Office Professional 2003

Other products may also include the affected COM object.

NOTE: An exploit has been published. However, there are currently
conflicting reports about the exploitability of this issue. Some
reports confirm that code execution is possible, while other reports
indicate that the problem can't be reproduced. Secunia has currently
not been able to reproduce the vulnerability in version 7.10.3077.0
of the COM object.

This advisory will be updated when more information is available.

SOLUTION:
Restrict use of ActiveX controls to trusted web sites only.

PROVIDED AND/OR DISCOVERED BY:
Reported by anonymous person.

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------