Date: Thu, 21 Aug 2003 13:59:51 +0900
From: "SecureNet Service(SNS) Spiffy Reviews" <snsadv@....co.jp>
To: bugtraq@...urityfocus.com
Subject: [SNS Advisory No.68] Internet Explorer Object Type Buffer Overflow in Double-Byte Character Set Environment


----------------------------------------------------------------------
SNS Advisory No.68
Internet Explorer Object Type Buffer Overflow in Double-Byte Character Set Environment 

Problem first discovered on: Fri, 06 June 2003 
Published on: Thu, 21 Aug 2003
----------------------------------------------------------------------

Overview:
---------
  Microsoft Internet Explorer is vulnerable to a buffer overflow under 
  the double-byte character set environment.


Problem Description:
--------------------
  A buffer overflow occurs in Microsoft Internet Explorer when it 
  processes an HTML file in which the Type property of the Object tag 
  holds an unusually long string that includes double-byte characters.

  To trigger this vulnerability, a malicious website administrator
  could induce Internet Explorer users to view a specially crafted web 
  site and consequently execute arbitrary code with the users' privileges.

  This problem differs from the issue described in MS03-020 in that it
  affects only specific language versions, including Japanese.  
  Arbitrary code could be successfully executed on Internet Explorer 
  6 SP1 Japanese in a testing environment. 


Tested Version:
---------------
  Internet Explorer 6 Service Pack 1 Japanese Edition


Solution:
---------
  Apply an appropriate patch available at:

  Microsoft Security Bulletin MS03-032:
  http://www.microsoft.com/technet/security/bulletin/MS03-032.asp

  Microsoft Security Bulletin MS03-032(Japanese site):
  http://www.microsoft.com/japan/technet/security/bulletin/MS03-032.asp 


Discovered by:
--------------
  Yuu Arai y.arai@....co.jp


Acknowledgements:
-----------------

  Thanks to:
  Security Response Team of Microsoft Asia Limited

  The attack technique was originally found by:
  eEye Digital Security  http://www.eEye.com


Disclaimer:
-----------
  The information contained in this advisory may be revised without prior 
  notice and is provided as it is. Users shall take their own risk when 
  taking any actions following reading this advisory. LAC Co., Ltd. shall 
  take no responsibility for any problems, loss or damage caused by, or 
  by the use of information provided here.

  This advisory can be found at the following URL: 
  http://www.lac.co.jp/security/english/snsadv_e/68_e.html

------------------------------------------------------------------
Secure Net Service(SNS) Security Advisory <snsadv@....co.jp>
Computer Security Laboratory, LAC  http://www.lac.co.jp/security/
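
A detection-side check for the condition in the Problem Description, added here as an example and not part of the original advisory: it scans HTML for Object tags whose Type value is unusually long or contains non-ASCII (double-byte) characters. The 128-character threshold, the function and class names, the default Shift_JIS decoding and the sample page are assumptions; the advisory gives no length.

```python
from html.parser import HTMLParser

# Assumed threshold: legitimate MIME types are short. The advisory states no length.
MAX_TYPE_LEN = 128


class ObjectTypeAuditor(HTMLParser):
    """Collect <object> tags whose type attribute is long or non-ASCII."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []  # (line, value length, reasons)

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names for us.
        if tag != "object":
            return
        for name, value in attrs:
            if name != "type" or value is None:
                continue
            reasons = []
            if len(value) > MAX_TYPE_LEN:
                reasons.append("long")
            if any(ord(ch) > 0x7F for ch in value):
                reasons.append("non-ascii")
            if reasons:
                line, _ = self.getpos()
                self.findings.append((line, len(value), reasons))


def audit_html(raw: bytes, encoding: str = "shift_jis"):
    """Decode a page (Shift_JIS assumed for Japanese content) and audit it."""
    auditor = ObjectTypeAuditor()
    auditor.feed(raw.decode(encoding, errors="replace"))
    auditor.close()
    return auditor.findings


# Constructed sample page: one ordinary object tag, one anomalous one.
SAMPLE_PAGE = (
    "<html>\n"
    '<object type="application/x-shockwave-flash" data="a.swf"></object>\n'
    '<object type="' + "\u3042" * 200 + '"></object>\n'
    "</html>"
).encode("shift_jis")

if __name__ == "__main__":
    for line, length, reasons in audit_html(SAMPLE_PAGE):
        print(f"line {line}: type length {length}, flags: {', '.join(reasons)}")
```

A check like this fits a proxy or mail-gateway content filter as a stopgap; the fix remains the MS03-032 patch listed under Solution.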