Microsoft Internet Explorer MSHTML.DLL CSS Handling Remote Buffer Overflow Vulnerability
BID:12765
Info
| Bugtraq ID: | 12765 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 09 2005 12:00AM |
| Updated: | Mar 09 2005 12:00AM |
| Credit: | Discovery is credited to <[email protected]>. |
| Vulnerable: | Microsoft Internet Explorer 6.0 SP2 - do not use; Microsoft Internet Explorer 6.0 SP1; Microsoft Internet Explorer 6.0 |
| Not Vulnerable: | |
Discussion
Microsoft Internet Explorer is reported prone to a remote buffer overflow vulnerability.
This issue presents itself when the application handles a malformed CSS file.
A typical attack would involve the attacker creating a Web site that includes the malicious CSS file. The attacker may then entice a vulnerable user to visit the site. If successful, this attack may result in granting the attacker unauthorized access to the affected computer in the context of the user running Internet Explorer.
This issue may be related to BID 10816 (Microsoft Internet Explorer Style Tag Comment Memory Corruption Vulnerability) and may have been fixed by Microsoft Security Bulletin MS04-038. This is not confirmed at the moment. This BID will be updated when further technical analysis is complete.
Exploit / POC
The following exploit creates a malformed CSS file that can be included in an HTML document to trigger this issue:
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
References:
- Technet Security (Microsoft)