Forum Index
Home Forum Radio Memberlist Help Search Quick Links

It appears you have not yet registered with our community which limits what you can do & see. It's Free To register, please click here.



Forum Index » Internet » Security Alerts and vulnerabilities » Internet Explorer HTML Elements Buffer Overflow
Register Calendar Gallery Mark Forums Read

Security Alerts and vulnerabilities Lets keep abreast on the latest threats by posting those findings here..

Reply
 
Thread Tools Display Modes
  #1  
Old 12-06-2004, 10:32 AM
Mobo's Avatar
Mobo Mobo is offline
Thinking outside the box
  
Join Date: Sep 2004
Location: Cape Breton
Posts: 4,584
Send a message via ICQ to Mobo Send a message via AIM to Mobo Send a message via MSN to Mobo Send a message via Yahoo to Mobo Send a message via Skype™ to Mobo
Thumbs down
:vertag:
A vulnerability has been reported in Internet Explorer, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error within the handling of certain attributes in the <IFRAME> and <FRAME> HTML tags. This can be exploited to cause a buffer overflow via a malicious HTML document containing overly long strings in e.g. the "SRC" and "NAME" attributes of the <IFRAME> tag.

Successful exploitation allows execution of arbitrary code.

The vulnerability has been confirmed in the following versions:
* Internet Explorer 6.0 on Windows XP SP1 (fully patched).
* Internet Explorer 6.0 on Windows 2000 (fully patched).

NOTE: This advisory has been rated "Extremely critical" as a working exploit has been published on public mailing lists. A variant of the MyDoom virus is now also exploiting this vulnerability.

Solution:
Apply patches.

Internet Explorer 6 SP1 on Microsoft Windows 2000 SP3/SP4, or on Microsoft Windows XP SP1:
http://www.microsoft.com/downloa...BD51-43...C1-D9A1E12963EC

Internet Explorer 6 SP1 on Microsoft Windows NT Server 4.0 SP6a, on Microsoft Windows NT Server 4.0 Terminal Service Edition SP6, on Microsoft Windows 98, on Microsoft Windows 98 SE, or on Microsoft Windows Me:
http://www.microsoft.com/downloa...6C13-4F...51-2C8A90E11C57

Internet Explorer 6 for Windows XP SP1 (64-Bit Edition):
http://www.microsoft.com/downloa...05cf-eb...3d-03e8969e0b5c

NOTE: The vulnerability does not affect systems running Windows XP with SP2 installed nor Windows Server 2003.
Reply With Quote
Posted


Reply

  • Submit Thread to Digg Digg
  • Submit Thread to del.icio.us del.icio.us
  • Submit Thread to StumbleUpon StumbleUpon
  • Submit Thread to Google Google
    • Bookmarks

    « Previous Thread | Next Thread »
    Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
     
    Thread Tools
    Display Modes
    Linear Mode Linear Mode

    Posting Rules
    You may not post new threads
    You may not post replies
    You may not post attachments
    You may not edit your posts
    BB code is On
    Smilies are On
    [IMG] code is On
    HTML code is Off
    Forum Jump

    Similar Threads
    Thread Thread Starter Forum Replies Last Post
    RSS-Microsoft Security Advisory (906267): A COM Object (Msdds.dll) Could Cause Internet Explorer to Unexpectedly Exit - 8/25/2005 RSS Importer Security Alerts and vulnerabilities 0 08-25-2005 02:00 AM
    eliteuvf32.exe?? AdWare? Alex Spyware / Virus Removal 31 05-17-2005 08:50 PM
    Pop-up crazy MOJET Spyware / Virus Removal 11 03-30-2005 08:22 PM
    Microsoft Internet Explorer 6 Mobo Security Alerts and vulnerabilities 0 12-15-2004 07:29 PM



    All times are GMT -5. The time now is 08:15 PM.

    Contact Us - CyberAnswers - Archive - Privacy Statement - Top

    Firefox 2