[VulnWatch] Internet Explorer Plugin.ocx heap overflow (#NISR24042003)

From: NGSSoftware Insight Security Research (nisr@nextgenss.com)
Date: 04/24/03

    From: "NGSSoftware Insight Security Research" <nisr@nextgenss.com>
    To: <ntbugtraq@listserv.ntbugtraq.com>, <bugtraq@securityfocus.com>, <vulnwatch@vulnwatch.org>
    Date: Thu, 24 Apr 2003 17:14:59 +0100

    NGSSoftware Insight Security Research Advisory

    Name: Internet Explorer ActiveX Control Heap Overflow
    Systems Affected: IE 5.01 SP3, 5.5 SP2, 6.0 Gold, 6.0 SP1
    Severity: Critical Risk
    Category: Heap Overflow
    Vendor URL: http://www.microsoft.com
    Author: Mark Litchfield (mark@ngssoftware.com)
    Date: 24th April 2003
    Advisory number: #NISR24042003

    Internet Explorer is the most popular web browser in use by the internet
    community, with a reported user base of 95% of internet users. IE suffers
    from a heap-based buffer overflow vulnerability that can be exploited via
    e-mail or by viewing a web page.

    There is an exploitable heap overflow vulnerability in Microsoft's ActiveX
    control, Plugin.ocx. By default, plugin.ocx is marked safe for scripting,
    and as such, if an IE user were to visit a malicious web page, the overflow
    could be triggered allowing for a "remote" compromise of the user's machine.
    Alternatively, an attacker could send their target a specially crafted
    e-mail, loaded with an exploit to take advantage of this vulnerability. The
    problem arises by passing an overly long string to the Load method of the

    Fix Information
    NGSSoftware alerted Microsoft to this vulnerability on 13th December 2002.
    The patch information is available from

    Further Information
    For further information about the scope and effects of buffer overflows,
    please see


    About NGSSoftware
    NGSSoftware design, research and develop intelligent, advanced application
    security assessment scanners. Based in the United Kingdom, NGSSoftware have
    offices in the South of London and the East Coast of Scotland. NGSSoftware's
    sister company, NGSConsulting, offers best-of-breed security consulting
    services, specialising in application, host and network security


    Telephone +44 208 401 0070
    Fax +44 208 401 0076
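
The advisory notes that plugin.ocx is marked safe for scripting by default, which is what lets a web page or HTML e-mail reach the control at all. The following is an added example, not part of the NGSSoftware advisory: it audits a regedit export for controls served by a given file that carry the registry-based safe-for-scripting category. The CLSIDs and paths in the sample are constructed placeholders.

```python
import re

# Well-known COM component category ID for "safe for scripting".
CATID_SAFE_FOR_SCRIPTING = "{7DD95801-9882-11CF-9FA9-00AA006C42C4}"

# Constructed sample in regedit export format; CLSIDs and paths are placeholders.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-0000000000A1}\InprocServer32]
@="C:\\WINDOWS\\System32\\plugin.ocx"

[HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-0000000000A1}\Implemented Categories\{7DD95801-9882-11CF-9FA9-00AA006C42C4}]

[HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-0000000000B2}\InprocServer32]
@="C:\\WINDOWS\\System32\\other.ocx"
'''

KEY_RE = re.compile(r'^\[HKEY_CLASSES_ROOT\\CLSID\\(\{[0-9A-Fa-f-]{36}\})\\(.+)\]$')
DEFAULT_RE = re.compile(r'^@="(.*)"$')

def audit_controls(reg_text):
    """Return {clsid: {"server": path or None, "categories": set of CATIDs}}."""
    controls, current = {}, None
    for line in reg_text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            clsid, subkey = m.group(1).upper(), m.group(2)
            entry = controls.setdefault(clsid, {"server": None, "categories": set()})
            current = (entry, subkey.lower())
            if current[1].startswith("implemented categories\\"):
                entry["categories"].add(subkey.split("\\", 1)[1].upper())
            continue
        if line.startswith("["):
            current = None  # a key outside HKCR\CLSID\{...}\<subkey>
            continue
        d = DEFAULT_RE.match(line)
        if d and current and current[1] == "inprocserver32":
            # .reg files escape backslashes in string values; undo that.
            current[0]["server"] = d.group(1).replace("\\\\", "\\")
    return controls

def scriptable(reg_text, filename):
    """CLSIDs served by `filename` that are registered as safe for scripting."""
    suffix = "\\" + filename.lower()
    return sorted(c for c, e in audit_controls(reg_text).items()
                  if e["server"] and e["server"].lower().endswith(suffix)
                  and CATID_SAFE_FOR_SCRIPTING in e["categories"])
```

A control can also declare itself safe at run time through the IObjectSafety interface, which a registry audit like this does not see, so an empty result is not proof that a control is unreachable from script.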

