[NT] Microsoft Internet Explorer HTML Tag Long File Name Extension Stack Buffer Overflow Vulnerability (MS08-073)
- From: SecuriTeam <support@xxxxxxxxxxxxxx>
- Date: 11 Dec 2008 11:09:02 +0200
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
Microsoft Internet Explorer HTML Tag Long File Name Extension Stack Buffer
Overflow Vulnerability (MS08-073)
------------------------------------------------------------------------
SUMMARY
Internet Explorer is a graphical web browser developed by Microsoft Corp.
that has been included with Microsoft Windows since 1995. Remote
exploitation of a stack buffer overflow vulnerability while handling
specific HTML tags in Microsoft Corp.'s Internet Explorer web browser
allows attackers to execute arbitrary code within the context of the
affected user.
DETAILS
Vulnerable Systems:
* Windows 2000 SP4 running Internet Explorer version 5.01
On Internet Explorer 5.01, a function return address can be overwritten
with attacker-controlled data, which results in an exploitable condition.
On Internet Explorer 6, however, the vulnerability overflows only one
byte. For Internet Explorer 6 on the Windows 2000 platform, the overflowed
byte is in a local variable, and overwriting it does not affect program
execution at all. For Internet Explorer 6 on Windows XP SP2, the
overflowed byte is in the stack cookie, which causes Internet Explorer to
terminate and results only in a denial of service.
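The three outcomes above differ only in how far the write runs past the buffer and in what sits next to the buffer on the stack. The following C model is an added example, not code from iDefense, SecuriTeam or Microsoft; the frame layout, the sizes, the cookie and return-address bytes and the name `simulate_copy` are constructed assumptions and do not reflect Internet Explorer's real stack layout.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model of one stack frame held in a flat byte array. */
enum { BUF_LEN = 16, SLOT_LEN = 4, FRAME_LEN = BUF_LEN + 2 * SLOT_LEN };
enum outcome { NO_EFFECT, COOKIE_MISMATCH_ABORT, RETURN_ADDRESS_OVERWRITTEN };

static const uint8_t COOKIE[SLOT_LEN]   = {0x5a, 0xc3, 0x19, 0xe7}; /* constructed */
static const uint8_t RET_ADDR[SLOT_LEN] = {0x10, 0x20, 0x40, 0x00}; /* constructed */

/* Frame, low to high addresses: buffer | slot | saved return address.
   slot_is_cookie selects whether the slot next to the buffer holds a
   stack cookie or an unrelated local variable. */
enum outcome simulate_copy(size_t bytes_past_end, int slot_is_cookie)
{
    uint8_t frame[FRAME_LEN];
    uint8_t *slot = frame + BUF_LEN;
    uint8_t *ret  = slot + SLOT_LEN;
    size_t n = BUF_LEN + bytes_past_end;

    memset(frame, 0, sizeof frame);
    if (slot_is_cookie)
        memcpy(slot, COOKIE, SLOT_LEN);
    memcpy(ret, RET_ADDR, SLOT_LEN);

    /* The flawed copy: its length is not limited to BUF_LEN. The clamp
       only keeps this model inside its own array. */
    if (n > FRAME_LEN)
        n = FRAME_LEN;
    memset(frame, 'A', n);

    /* Epilogue: the cookie is verified before the return address is used. */
    if (slot_is_cookie && memcmp(slot, COOKIE, SLOT_LEN) != 0)
        return COOKIE_MISMATCH_ABORT;      /* process terminates: DoS only */
    if (memcmp(ret, RET_ADDR, SLOT_LEN) != 0)
        return RETURN_ADDRESS_OVERWRITTEN; /* control flow is corruptible */
    return NO_EFFECT;
}

int main(void)
{
    static const char *names[] = {"no effect", "cookie abort", "return overwritten"};
    printf("long overflow, no cookie:   %s\n", names[simulate_copy(2 * SLOT_LEN, 0)]);
    printf("1 byte into local variable: %s\n", names[simulate_copy(1, 0)]);
    printf("1 byte into stack cookie:   %s\n", names[simulate_copy(1, 1)]);
    return 0;
}
```
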
Vendor response:
Microsoft has released a patch which addresses this issue. For more
information, consult their advisory at the following URL.
http://www.microsoft.com/technet/security/bulletin/ms08-073.mspx
Microsoft recommends that customers apply the update immediately.
CVE Information:
CVE-2008-4261 <http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4261>
Disclosure Timeline:
08/26/2008 - Initial Vendor Notification
08/26/2008 - Initial Vendor Reply
09/24/2008 - Additional Vendor Feedback
12/02/2008 - Additional Vendor Feedback
12/09/2008 - Coordinated Public Disclosure
ADDITIONAL INFORMATION
The information has been provided by iDefense Labs Security Advisories
<mailto:idlabs-advisories@xxxxxxxxxxxx>.
The original article can be found at:
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=761