[Seguridad] Internet Explorer IFRAME Buffer Overflow Vulnerability

04/11/2004 - 12:47 por ANONIMATO | Informe spam
http://secunia.com/advisories/12959/

Internet Explorer IFRAME Buffer Overflow Vulnerability


Secunia Advisory: SA12959
Release Date: 2004-11-02
Last Update: 2004-11-04


Critical:
Extremely critical
Impact: System access

Where: From remote

Solution Status: Unpatched


Software: Microsoft Internet Explorer 6


Select a product and view a complete list of all Patched/Unpatched
Secunia advisories affecting it.


Description:
A vulnerability has been reported in Internet Explorer, which can be
exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error in the handling of
certain attributes in the <IFRAME> HTML tag. This can be exploited to
cause a buffer overflow via a malicious HTML document containing overly
long strings in the "SRC" and "NAME" attributes of the <IFRAME> tag.

Successful exploitation allows execution of arbitrary code.

The vulnerability has been confirmed in the following versions:
* Internet Explorer 6.0 on Windows XP SP1 (fully patched).
* Internet Explorer 6.0 on Windows 2000 (fully patched).

NOTE: This advisory has been rated "Extremely critical" as a working
exploit has been published on public mailing lists.

Solution:
The vulnerability does not affect systems running Windows XP with SP2
installed.

Ejemplo de MVP insultando:
http://tinyurl.com/2rxdv

Lb fbv ry nhgragvpb NABAVZNGB

Preguntas similare

Leer las respuestas

#1 JM Tella Llop [MVP Windows]
04/11/2004 - 14:23 | Informe spam
The vulnerability does NOT affect systems running Windows XP with SP2 installed.



(esta vulnerabilidad NO afecta a sistemas con WIndows XP SP2 instalado)

Jose Manuel Tella Llop
MVP - Windows
(quitar XXX)
http://www.multingles.net/jmt.htm

Este mensaje se proporciona "como está" sin garantías de ninguna clase, y no otorga ningún derecho.

This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use.



"ANONIMATO" wrote in message news:
http://secunia.com/advisories/12959/

Internet Explorer IFRAME Buffer Overflow Vulnerability


Secunia Advisory: SA12959
Release Date: 2004-11-02
Last Update: 2004-11-04


Critical:
Extremely critical
Impact: System access

Where: From remote

Solution Status: Unpatched


Software: Microsoft Internet Explorer 6


Select a product and view a complete list of all Patched/Unpatched
Secunia advisories affecting it.


Description:
A vulnerability has been reported in Internet Explorer, which can be
exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error in the handling of
certain attributes in the <IFRAME> HTML tag. This can be exploited to
cause a buffer overflow via a malicious HTML document containing overly
long strings in the "SRC" and "NAME" attributes of the <IFRAME> tag.

Successful exploitation allows execution of arbitrary code.

The vulnerability has been confirmed in the following versions:
* Internet Explorer 6.0 on Windows XP SP1 (fully patched).
* Internet Explorer 6.0 on Windows 2000 (fully patched).

NOTE: This advisory has been rated "Extremely critical" as a working
exploit has been published on public mailing lists.

Solution:
The vulnerability does not affect systems running Windows XP with SP2
installed.

Ejemplo de MVP insultando:
http://tinyurl.com/2rxdv

Lb fbv ry nhgragvpb NABAVZNGB

Respuesta Responder a este mensaje
#2 Ille Corvus
04/11/2004 - 20:51 | Informe spam
ANONIMATO escribio en mensaje
:

http://secunia.com/advisories/12959/

Internet Explorer IFRAME Buffer Overflow Vulnerability


Secunia Advisory: SA12959
Release Date: 2004-11-02
Last Update: 2004-11-04


Critical:
Extremely critical
Impact: System access

Where: From remote

Solution Status: Unpatched


Software: Microsoft Internet Explorer 6


Select a product and view a complete list of all Patched/Unpatched
Secunia advisories affecting it.


Description:
A vulnerability has been reported in Internet Explorer, which can be
exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error in the handling of
certain attributes in the <IFRAME> HTML tag. This can be exploited to
cause a buffer overflow via a malicious HTML document containing overly
long strings in the "SRC" and "NAME" attributes of the <IFRAME> tag.

Successful exploitation allows execution of arbitrary code.

The vulnerability has been confirmed in the following versions:
* Internet Explorer 6.0 on Windows XP SP1 (fully patched).
* Internet Explorer 6.0 on Windows 2000 (fully patched).

NOTE: This advisory has been rated "Extremely critical" as a working
exploit has been published on public mailing lists.

Solution:
The vulnerability does not affect systems running Windows XP with SP2
installed.



gracias por el aviso...aunque uso mozilla firefox ;-)


Filtrado por /mal educado/ «Tella Llop, JM» desde 2003.10.25 (Kill-File Global):

De muestra un 'boton' http://tinyurl.com/2rxdv (menores de edad no sigais este enlace).
Respuesta Responder a este mensaje
#3 Ille Corvus
04/11/2004 - 20:58 | Informe spam
ANONIMATO escribio en mensaje
:

http://secunia.com/advisories/12959/

Internet Explorer IFRAME Buffer Overflow Vulnerability


Secunia Advisory: SA12959
Release Date: 2004-11-02
Last Update: 2004-11-04


Critical:
Extremely critical
Impact: System access

Where: From remote

Solution Status: Unpatched


Software: Microsoft Internet Explorer 6


Select a product and view a complete list of all Patched/Unpatched
Secunia advisories affecting it.


Description:
A vulnerability has been reported in Internet Explorer, which can be
exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error in the handling of
certain attributes in the <IFRAME> HTML tag. This can be exploited to
cause a buffer overflow via a malicious HTML document containing overly
long strings in the "SRC" and "NAME" attributes of the <IFRAME> tag.

Successful exploitation allows execution of arbitrary code.

The vulnerability has been confirmed in the following versions:
* Internet Explorer 6.0 on Windows XP SP1 (fully patched).
* Internet Explorer 6.0 on Windows 2000 (fully patched).

NOTE: This advisory has been rated "Extremely critical" as a working
exploit has been published on public mailing lists.

Solution:
The vulnerability does not affect systems running Windows XP with SP2
installed.



gracias por el aviso...aunque uso mozilla firefox ;-)


Filtrado por /mal educado/ «Tella Llop, JM» desde 2003.10.25 (Kill-File Global):

De muestra un 'boton' http://tinyurl.com/2rxdv (menores de edad no sigais este enlace).
email Siga el debate Respuesta Responder a este mensaje
Ads by Google
Help Hacer una preguntaRespuesta Tengo una respuesta
Search Busqueda sugerida