The vulnerability affects different objects in several different products.
The ReportHebrew and SetSitesFile objects in Panda ActiveScan are affected.
The Photoshop.Application.8 and Photoshop.PhotoCDOpenOptions.8 objects in Adobe Photoshop are affected.
The Symantec.SymVAFileQuery.1, Symantec.SymVARegQuery1 and Symantec.SymUtility1 objects in Symantec Security Check are affected.
CcErrDsp.ErrorDisplay.1 COM object in Symantec Norton AntiVirus 2004 is also affected.
The McFreeScan.CoMcFreeScan.1 object in McAfee McFreeScan is affected. The GetSpecialFolderLocation method in this object contains 25 parameters that allow an attacker to exploit the vulnerability.
The AVXSCANOLINE.AvxScanOnlineCtrl.1 object in BitDefender Scan Online is affected.
The YInstHelper.YInstStarter.1 and YInstHelper.YSearchSetting2 objects in Yahoo! Messenger are affected.
installation, applications register .dll files that they require for operation. When executed for the first time, these files often register COM objects that are utilized by the application. This allows the COM objects to be accessible to any calling COM application. If a COM object is identified by the vendor as safe for scripting, the object can be utilized without warnings within the Internet Zone of Internet Explorer.
The vulnerabilities can be exploited by creating a .html file that either passes an overly long string to certain properties in an object or calls a faulty method within the object.