TITLE:
Internet Explorer IFRAME Buffer Overflow Vulnerability

SECUNIA ADVISORY ID:
SA12959

RELEASE DATE:
2004-11-02

LAST UPDATE:
2004-11-04

VERIFY ADVISORY:
http://secunia.com/advisories/12959/

CRITICAL:
Extremely critical

WHERE:
From remote

IMPACT:
System access

SOFTWARE:
Microsoft Internet Explorer 6

DESCRIPTION:
A vulnerability has been reported in Internet Explorer, which can be exploited by malicious people to compromise a user's system.


The vulnerability is caused by a boundary error in the handling of certain attributes of the <IFRAME> HTML tag. It can be exploited to cause a buffer overflow via a malicious HTML document containing overly long strings in the "SRC" and "NAME" attributes of the <IFRAME> tag.

Successful exploitation allows execution of arbitrary code.

The vulnerability has been confirmed in the following versions:
* Internet Explorer 6.0 on Windows XP SP1 (fully patched).
* Internet Explorer 6.0 on Windows 2000 (fully patched).

NOTE: This advisory has been rated "Extremely critical" as a working exploit has been published on public mailing lists.


SOLUTION:
The vulnerability does not affect systems running Windows XP with SP2 installed.


Use another product.


REPORTED BY CREDITS:
Discovered by:
ned

Additional research and exploit by:
Berend-Jan Wever


CHANGELOG:
2004-11-04: Added link to US-CERT vulnerability note.


OTHER REFERENCES:
US-CERT VU#842160:
http://www.kb.cert.org/vuls/id/842160