Ravens PHP Scripts

Internet Explorer URL Parsing Buffer Overflow Vulnerability
Date: Wednesday, August 23, 2006 @ 06:50:41 CDT
Topic: Security


TITLE: Internet Explorer URL Parsing Buffer Overflow Vulnerability

SECUNIA ADVISORY ID: SA21557

VERIFY ADVISORY: http://secunia.com/advisories/21557/

CRITICAL: Highly critical

IMPACT: System access

WHERE: From remote

SOFTWARE: Microsoft Internet Explorer 6.x - http://secunia.com/product/11/

DESCRIPTION: A vulnerability has been reported in Internet Explorer, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by a boundary error when processing URLs on a website using HTTP 1.1 and compression. This can be exploited to cause a buffer overflow via an overly long URL. Successful exploitation allows execution of arbitrary code when a user is, for example, tricked into visiting a malicious website. The vulnerability affects Internet Explorer 6 SP1 on Windows 2000 and Windows XP SP1 and was introduced by the MS06-042 patches.

SOLUTION: The vendor recommends disabling the HTTP 1.1 protocol in Internet Explorer (see the vendor's advisory for details).

PROVIDED AND/OR DISCOVERED BY:
Dejan Kovacevic, Bold Internet Solutions.
Derek Soeder, eEye Digital Security.

ORIGINAL ADVISORY:
Microsoft:
http://www.microsoft.com/technet/security/advisory/923762.mspx
http://support.microsoft.com/kb/923762/

OTHER REFERENCES: US-CERT VU#821156: http://www.kb.cert.org/vuls/id/821156

This article comes from Ravens PHP Scripts
https://www.ravenphpscripts.com

The URL for this story is:
https://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=2350