TITLE:
Internet Explorer URL Parsing Buffer Overflow Vulnerability
SECUNIA ADVISORY ID:
SA21557
VERIFY ADVISORY:
http://secunia.com/advisories/21557/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
From remote
SOFTWARE:
Microsoft Internet Explorer 6.x
http://secunia.com/product/11/
DESCRIPTION:
A vulnerability has been reported in Internet Explorer, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused by a boundary error when processing URLs on a website using HTTP 1.1 and compression. This can be exploited to cause a buffer overflow via an overly long URL.
Successful exploitation allows execution of arbitrary code when a user is, for example, tricked into visiting a malicious website.
The vulnerability affects Internet Explorer 6 SP1 on Windows 2000 and Windows XP SP1 and was introduced by the MS06-042 patches.
SOLUTION:
The vendor recommends disabling the HTTP 1.1 protocol in Internet Explorer (see the vendor's advisory for details).
ORIGINAL ADVISORY:
Microsoft:
http://www.microsoft.com/technet/security/advisory/923762.mspx
http://support.microsoft.com/kb/923762/
OTHER REFERENCES:
US-CERT VU#821156:
http://www.kb.cert.org/vuls/id/821156