Internet Explorer IFRAME Buffer Overflow Vulnerability
http://secunia.com/advisories/12959/
Secunia Advisory: SA12959
Release Date: 2004-11-02
Last Update: 2004-11-18
Critical: Extremely critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: Microsoft Internet Explorer 6
CVE reference: CAN-2004-1050
Description:
A vulnerability has been reported in Internet Explorer, which can be
exploited by malicious people to compromise a user's system.
The vulnerability is caused by a boundary error in the handling of
certain attributes in the <IFRAME>, <FRAME>, and <EMBED> HTML tags. This
can be exploited to cause a buffer overflow via a malicious HTML document
containing overly long strings in e.g. the "SRC" and "NAME" attributes of
the <IFRAME> tag.
Successful exploitation allows execution of arbitrary code.
The vulnerability has been confirmed in the following versions:
* Internet Explorer 6.0 on Windows XP SP1 (fully patched).
* Internet Explorer 6.0 on Windows 2000 (fully patched).
NOTE: This advisory has been rated "Extremely critical" as a working
exploit has been published on public mailing lists. A variant of the
MyDoom virus is now also exploiting this vulnerability.
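An added example, not part of the Secunia advisory: a Python scanner that a mail or web gateway could run over HTML to flag the overly long "SRC" and "NAME" attribute values described above. The 512-character threshold, the function and class names, and the sample document are assumptions; the advisory does not state the length that triggers the overflow.

```python
from html.parser import HTMLParser

# Tags and attributes named in the advisory. The advisory lists the
# attributes with "e.g.", so this set is not exhaustive.
WATCHED_TAGS = {"iframe", "frame", "embed"}
WATCHED_ATTRS = {"src", "name"}
# Assumed threshold: a tunable triage value, not a property of the bug.
MAX_ATTR_LEN = 512


class LongAttrScanner(HTMLParser):
    """Collects (line, tag, attr, length) for oversized watched attributes."""

    def __init__(self, max_len=MAX_ATTR_LEN):
        super().__init__(convert_charrefs=True)
        self.max_len = max_len
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names, so <IFRAME SRC=...>
        # is matched too. Self-closing tags are also routed here by default.
        if tag not in WATCHED_TAGS:
            return
        line, _col = self.getpos()
        for name, value in attrs:
            if name in WATCHED_ATTRS and value is not None:
                if len(value) > self.max_len:
                    self.findings.append((line, tag, name, len(value)))


def scan_html(document, max_len=MAX_ATTR_LEN):
    """Return a list of findings for one HTML document given as a string."""
    scanner = LongAttrScanner(max_len)
    scanner.feed(document)
    scanner.close()
    return scanner.findings


# Constructed sample input: one ordinary frame and two oversized attributes.
SAMPLE = (
    "<html><body>\n"
    '<iframe src="http://example.com/page.html" name="main"></iframe>\n'
    '<IFRAME SRC="' + "A" * 2000 + '" NAME="x"></IFRAME>\n'
    '<embed name="' + "B" * 600 + '" src="clip.swf"/>\n'
    "</body></html>\n"
)

if __name__ == "__main__":
    for line, tag, attr, length in scan_html(SAMPLE):
        print(f"line {line}: <{tag}> {attr} is {length} characters long")
```

A hit is a reason to quarantine or inspect the document, not proof of an exploit attempt; long but legitimate URLs will also exceed a low threshold.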
Solution:
The vulnerability does not affect systems running Windows XP with SP2
installed.
Use another product.
Provided and/or discovered by:
Discovered by:
ned
Additional research and exploit by:
Berend-Jan Wever
Changelog:
2004-11-04: Added link to US-CERT vulnerability note.
2004-11-09: Added information about virus exploiting this vulnerability.
Added information about <FRAME> and <EMBED> tags also being affected.
2004-11-18: Added CVE reference.
Other References:
US-CERT VU#842160:
http://www.kb.cert.org/vuls/id/842160
Please note: The information, which this Secunia Advisory is based upon,
comes from third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued
by security research groups, vendors, and others.