[NT] Internet Explorer Object Type Buffer Overflow in Double-Byte Character Set Environment

From: SecuriTeam (support_at_securiteam.com)
Date: 08/21/03

  • Next message: SecuriTeam: "[UNIX] ViRobot Linux Server Contains Several Local Overflows"
    To: list@securiteam.com
    Date: 21 Aug 2003 09:35:40 +0200
    
    

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
    - - promotion

    The SecuriTeam alerts list - Free, Accurate, Independent.

    Get your security news from a reliable source.
    http://www.securiteam.com/mailinglist.html

    - - - - - - - - -

      Internet Explorer Object Type Buffer Overflow in Double-Byte Character Set
    Environment
    ------------------------------------------------------------------------

    SUMMARY

    Microsoft Internet Explorer is vulnerable to a buffer overflow under the
    double-byte character set environment.

    DETAILS

    Vulnerable systems:
     * Internet Explorer 6 Service Pack 1 Japanese Edition

    A buffer overflow occurs in Microsoft Internet Explorer when HTML files
    with an unusually long string including double-byte character sets in the
    Type property of the Object tag are processed.

    In order to trigger this vulnerability, malicious website administrators
    could induce Internet Explorer users to view a specially crafted web site
    and consequently execute arbitrary code with the users' privileges.

    This problem differs from the issue described in MS03-020 in that it
    affects only specific language versions, including Japanese. Arbitrary
    codes could be successfully executed on Internet Explorer 6 SP1 Japanese
    in a testing environment.

    Solution:
    Apply an appropriate patch available at:

    Microsoft Security Bulletin MS03-032:
    <http://www.microsoft.com/technet/security/bulletin/MS03-032.asp>
    http://www.microsoft.com/technet/security/bulletin/MS03-032.asp

    Microsoft Security Bulletin MS03-032(Japanese site):
    <http://www.microsoft.com/japan/technet/security/bulletin/MS03-032.asp>
    http://www.microsoft.com/japan/technet/security/bulletin/MS03-032.asp

    ADDITIONAL INFORMATION

    The original advisory can be found at the following URL:
    <http://www.lac.co.jp/security/english/snsadv_e/68_e.html>
    http://www.lac.co.jp/security/english/snsadv_e/68_e.html

    The information has been provided by <mailto:y.arai@lac.co.jp> Yuu Arai
    and <mailto:snsadv@lac.co.jp> SecureNet Service(SNS) Spiffy Reviews.

    ========================================

    This bulletin is sent to members of the SecuriTeam mailing list.
    To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
    In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

    ====================
    ====================

    DISCLAIMER:
    The information in this bulletin is provided "AS IS" without warranty of any kind.
    In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.


  • Next message: SecuriTeam: "[UNIX] ViRobot Linux Server Contains Several Local Overflows"

    Relevant Pages

    • [NT] Cumulative Security Update for Internet Explorer (MS06-021)
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Get your security news from a reliable source. ... Improper memory and user input handling with Internet Explorer allows ... A remote code execution vulnerability exists in the way Internet Explorer ...
      (Securiteam)
    • [NT] Cumulative Security Update for Internet Explorer (MS05-038)
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Get your security news from a reliable source. ... A buffer overflow vulnerability within Internet Explorer allows attackers ...
      (Securiteam)
    • [NT] Cumulative Security Update for Internet Explorer (MS06-013)
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Get your security news from a reliable source. ... Microsoft Internet Explorer allow attackers to execute arbitrary code, ... A remote code execution vulnerability exists in the way Internet Explorer ...
      (Securiteam)
    • [NT] Vulnerability in Microsoft Agent Allows Code Execution (MS06-068)
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Get your security news from a reliable source. ... for more information about Internet Explorer Enhanced Security ... Configure Internet Explorer to prompt before running ActiveX Controls ...
      (Securiteam)
    • [NT] Vulnerability in HTML Help Allows Code Execution (MS05-001)
      ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... Get your security news from a reliable source. ... * Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service ...
      (Securiteam)