Advisory ID: XSec-06-07 Advisory Name: Visual Studio 6.0 Multiple COM Object Instantiation Vulnerability Release Date: 08/18/2006 Tested on: Visual Studio 6.0/Internet Explorer 6.0 SP1 Affected version: Visual Studio 6.0 Author: nop http://www.xsec.org Overview: Multiple vulnerability has been found in Visual Studio 6.0 \ When Internet Explorer tries to instantiate the TCPROPS.DLL, \ FP30WEC.DLL,mdt2db.dll,mdt2qd.dll,VI30AUT.DLL (Visual Stuido \ 6.0) COM object as an ActiveX control, it may corrupt system \ memory in such a way that an attacker may DoS and possibly \ could execute arbitrary code. Exploit: =============== vs6.htm start ================