1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: Unsafe ActiveX Obj Instantiation

Web Attack: Unsafe ActiveX Obj Instantiation

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.


This is a generic signature that detects instantiation of few unsafe objects.

Additional Information

Microsoft Visual Studio 2005 is a development tool for building applications on Microsoft platforms and Web technology. n nVisual Studio 2005 is prone to a vulnerability that could allow arbitrary code execution. The issue occurs due to an unspecified error in the WMI Object Broker ActiveX Control included in 'WmiScriptUtils.dll'.

It has been reported that an exploit exists that triggers this issue through a Web page. When the page is viewed using certain versions of Internet Explorer, arbitrary code may be executed on the vulnerable host.

Microsoft Visual Studio 2005 is reported to be affected. Implementations of Visual Studio 2005 on Windows Server 2003 and Windows Server 2003 Service Pack 1 with Enhanced Security activated are not vulnerable. Nor are Visual Studio 2005 users who are running Internet Explorer 7 with default security settings.


  • Microsoft Visual Studio 2005


Workaround:Disabling Active Scripting in Internet Explorer or setting the kill bit on the {7F5B7F63-F06F-4331-8A26-339E03C0AE3D} CLSID will prevent a successful exploit of this vulnerability. nPlease see the referenced Microsoft advisory (927709) for more information on implementing workarounds.Solution:Microsoft has released security advisory (927709) regarding this issue for Microsoft Visual Studio 2005. Please see the referenced advisory for further information.

At the time of this writing, Microsoft has not released a fix that addresses this issue.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube