[SNS Advisory No.68] Internet Explorer Object Type Buffer Overflow in Double-Byte Character Set Environment
From: SecureNet Service(SNS) Spiffy Reviews (snsadv_at_lac.co.jp)
Date: 08/21/03
- Previous message: SecureNet Service(SNS) Spiffy Reviews: "[SNS Advisory No.67] The Return of the Content-Disposition Vulnerability in IE"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 21 Aug 2003 13:59:51 +0900 To: bugtraq@securityfocus.com
----------------------------------------------------------------------
SNS Advisory No.68
Internet Explorer Object Type Buffer Overflow in Double-Byte Character Set Environment
Problem first discovered on: Fri, 06 June 2003
Published on: Thu, 21 Aug 2003
----------------------------------------------------------------------
Overview:
---------
Microsoft Internet Explorer is vulnerable to a buffer overflow under
the double-byte character set environment.
Problem Description:
--------------------
A buffer overflow occurs in Microsoft Internet Explorer when HTML
files with an unusually long string including double-byte character
sets in the Type property of the Object tag are processed.
In order to trigger this vulnerability, malicious website administrators
could induce Internet Explorer users to view a specially crafted web
site and consequently execute arbitrary code with the users' privileges.
This problem differs from the issue described in MS03-020 in that it
affects only specific language versions, including Japanese.
Arbitrary codes could be successfully executed on Internet Explorer
6 SP1 Japanese in a testing environment.
Tested Version:
---------------
Internet Explorer 6 Service Pack 1 Japanese Edition
Solution:
---------
Apply an appropriate patch available at:
Microsoft Security Bulletin MS03-032:
http://www.microsoft.com/technet/security/bulletin/MS03-032.asp
Microsoft Security Bulletin MS03-032(Japanese site):
http://www.microsoft.com/japan/technet/security/bulletin/MS03-032.asp
Discovered by:
--------------
Yuu Arai y.arai@lac.co.jp
Acknowledgements:
-----------------
Thanks to:
Security Response Team of Microsoft Asia Limited
The attack technique was originally found by:
eEye Digital Security http://www.eEye.com
Disclaimer:
-----------
The information contained in this advisory may be revised without prior
notice and is provided as it is. Users shall take their own risk when
taking any actions following reading this advisory. LAC Co., Ltd. shall
take no responsibility for any problems, loss or damage caused by, or
by the use of information provided here.
This advisory can be found at the following URL:
http://www.lac.co.jp/security/english/snsadv_e/68_e.html
------------------------------------------------------------------
Secure Net Service(SNS) Security Advisory <snsadv@lac.co.jp>
Computer Security Laboratory, LAC http://www.lac.co.jp/security/
- Previous message: SecureNet Service(SNS) Spiffy Reviews: "[SNS Advisory No.67] The Return of the Content-Disposition Vulnerability in IE"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
