CERT Advisory MSoft Buffer Overflow

Paul Wilders · #1 February 25th, 2002, 08:03 PM

Quote:

Original release date: February 25, 2002
Last revised: --
Source: CERT/CC

A complete revision history can be found at the end of this file.

Systems Affected
Microsoft Internet Explorer
Microsoft Outlook and Outlook Express
Other applications that use the Internet Explorer HTML rendering engine
Overview
Microsoft Internet Explorer contains a buffer overflow vulnerability in its handling of embedded objects in HTML documents. This vulnerability could allow an attacker to execute arbitrary code on the victim's system when the victim visits a web page or views an HTML email message.

I. Description
Internet Explorer supports the <EMBED> directive, which can be used to include arbitrary objects in HTML documents. Common types of embedded objects include multimedia files, Java applets, and ActiveX controls. The SRC attribute specifies the source path and filename of an object. For example, a MIDI sound might be embedded in a web page with the following HTML code:

<EMBED TYPE="audio/midi" SRC="/path/sound.mid" AUTOSTART="true">
Internet Explorer uses attributes of the <EMBED> directive and MIME information from the web server to determine how to handle an embedded object. In most cases, a separate application or plugin is used.

A group of Russian researchers, SECURITY.NNOV, has reported that Internet Explorer does not properly handle the SRC attribute of the <EMBED> directive. An HTML document, such as a web page or HTML email message, that contains a crafted SRC attribute can trigger a buffer overflow, executing code with the privileges of the user viewing the document.

According to the Severity Rating for the "Buffer Overrun in HTML Directive" vulnerability in MS02-005, Internet Explorer 5.5 and 6.0 are vulnerable. Outlook and Outlook Express are also vulnerable, since they use Internet Explorer to render HTML email messages. Other applications that use the Internet Explorer HTML rendering engine, such as Windows compiled HTML help (.chm) files and third-party email clients, may also be vulnerable.

Read the full article here:

www.cert.org/advisories/CA-2002-04.html

Tiger_Barb · #2 February 25th, 2002, 09:34 PM

Hi,

Nice post Paul, now I guess it's time to start digging deep in my pocket's and go with The Bat and Opera.....

T Barb

Paul Wilders · #3 February 25th, 2002, 09:42 PM

Thanks TB *

Unless you opt for "SecureBat!" (talking about bucks..) it's not all that expensive, taking into account what you will get into return.

As for Opera: looking forward to the final release. Untill then, I'm quite satisfied with version 5x besides IE.

As it seems, security comes with a price tag on many ocassions. Can't help but blaming Billyware for it *

regards.

paul

Tiger_Barb · #4 February 25th, 2002, 09:54 PM

Paul,

Quote:

Can't help but blaming Billyware for it

*God, aint that the truth.....

T Barb

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search