CERT Advisory MSoft Buffer Overflow


Paul Wilders
February 25th, 2002, 08:03 PM
-{ Quote: "Original release date: February 25, 2002
Last revised: --
Source: CERT/CC

A complete revision history can be found at the end of this file.

Systems Affected

Microsoft Internet Explorer
Microsoft Outlook and Outlook Express
Other applications that use the Internet Explorer HTML rendering engine

Overview
Microsoft Internet Explorer contains a buffer overflow vulnerability in its handling of embedded objects in HTML documents. This vulnerability could allow an attacker to execute arbitrary code on the victim's system when the victim visits a web page or views an HTML email message.

I. Description
Internet Explorer supports the <EMBED> directive, which can be used to include arbitrary objects in HTML documents. Common types of embedded objects include multimedia files, Java applets, and ActiveX controls. The SRC attribute specifies the source path and filename of an object. For example, a MIDI sound might be embedded in a web page with the following HTML code:

<EMBED TYPE="audio/midi" SRC="/path/sound.mid" AUTOSTART="true">

Internet Explorer uses attributes of the <EMBED> directive and MIME information from the web server to determine how to handle an embedded object. In most cases, a separate application or plugin is used.

A group of Russian researchers, SECURITY.NNOV, has reported that Internet Explorer does not properly handle the SRC attribute of the <EMBED> directive. An HTML document, such as a web page or HTML email message, that contains a crafted SRC attribute can trigger a buffer overflow, executing code with the privileges of the user viewing the document.

According to the Severity Rating for the "Buffer Overrun in HTML Directive" vulnerability in MS02-005, Internet Explorer 5.5 and 6.0 are vulnerable. Outlook and Outlook Express are also vulnerable, since they use Internet Explorer to render HTML email messages. Other applications that use the Internet Explorer HTML rendering engine, such as Windows compiled HTML help (.chm) files and third-party email clients, may also be vulnerable." }-

Read the full article here:

www.cert.org/advisories/CA-2002-04.html
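
As an added illustration (not part of the CERT advisory or of this thread), here is a mail-filter style check that inventories <EMBED> elements in the HTML parts of a message and reports the byte length of each SRC value. The advisory does not say what makes a SRC value "crafted"; flagging on length, the 256-byte threshold, the function names and the sample message are all assumptions made for this example.

```python
from email import message_from_string
from html.parser import HTMLParser

MAX_SRC_LEN = 256  # assumption: triage threshold, not a value from the advisory


class EmbedFinder(HTMLParser):
    """Collect the attributes of every <EMBED> element in a document."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.embeds = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names, so <EMBED> matches too.
        if tag == "embed":
            self.embeds.append({k: (v or "") for k, v in attrs})


def scan_html(html):
    """Return one finding per <EMBED>: MIME type, SRC length, review flag."""
    finder = EmbedFinder()
    finder.feed(html)
    finder.close()
    return [{"type": a.get("type", ""), "src_len": len(a.get("src", "")),
             "suspicious": len(a.get("src", "")) > MAX_SRC_LEN}
            for a in finder.embeds]


def scan_message(raw):
    """Scan every text/html part of an RFC 822 message given as a string."""
    findings = []
    for part in message_from_string(raw).walk():
        if part.get_content_type() == "text/html":
            payload = part.get_payload(decode=True) or b""
            # latin-1 maps one byte to one character, so lengths are byte
            # counts and a bogus charset label cannot make the scanner fail.
            findings.extend(scan_html(payload.decode("latin-1")))
    return findings


# Constructed sample: the advisory's MIDI example plus an overlong SRC value.
SAMPLE = (
    "From: a@example.com\nSubject: test\nMIME-Version: 1.0\n"
    "Content-Type: text/html; charset=utf-8\n\n"
    '<html><body><EMBED TYPE="audio/midi" SRC="/path/sound.mid" AUTOSTART="true">'
    '<embed type="audio/midi" src="/path/' + "A" * 400 + '"></body></html>\n'
)

if __name__ == "__main__":
    for finding in scan_message(SAMPLE):
        print(finding)
```

A flagged element is a prompt for review or quarantine, not proof of an attack; applying the vendor patch referenced in the advisory remains the fix.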

Tiger_Barb
February 25th, 2002, 09:34 PM
Hi,

Nice post Paul, now I guess it's time to start digging deep in my pockets and go with The Bat and Opera.....


T Barb

Paul Wilders
February 25th, 2002, 09:42 PM
Thanks TB *;)

Unless you opt for "SecureBat!" (talking about bucks..) it's not all that expensive, taking into account what you will get in return.

As for Opera: looking forward to the final release. Until then, I'm quite satisfied with version 5x besides IE.

As it seems, security comes with a price tag on many occasions. Can't help but blaming Billyware for it *::)

regards.

paul

Tiger_Barb
February 25th, 2002, 09:54 PM
Paul,

-{ Quote: "Can't help but blaming Billyware for it" }- *God, ain't that the truth.....

;)
T Barb