lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: 12 Apr 2006 22:49:30 -0000
From: bugtraq@...ph3us.org
To: bugtraq@...urityfocus.com
Subject: [BuHa-Security] Multiple Vulnerabilities in MS IE 6.0 SP2


-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

Multiple Vulnerabilities in MS IE 6.0 SP2

Recently, I discovered three vulnerabilities in Microsoft Internet
Explorer 6 SP2 with all patches applied. All of these bugs are located
in `mshtml.dll' and are caused by incorrect handling of specially
crafted HTML documents. The severity of the first security issue
(<mshtml.dll>#7d6d2db4) is low because it is a non-exploitable Null
Pointer Dereference vulnerability and leads to DoS. The second
(<mshtml.dll>#7d519030) and third (<mshtml.dll>#7d529d35) vulnerability
are similar and the Microsoft Security Response Center rated them as
critical because, on the face of it, they could produce an exploitable
memory corruption (see HTML Tag Memory Corruption Vulnerability -
CVE-2006-1188) with a variant of my PoC.

To satisfy the request of the Microsoft Security Response Center I'm
going to support further details at a later date..

o Description:
=============

Internet Explorer, abbreviated IE or MSIE, is a proprietary web browser
made by Microsoft and currently available as part of Microsoft Windows.

Visit http://www.microsoft.com/windows/ie/default.mspx or
http://en.wikipedia.org/wiki/Internet_Explorer for detailed information.

o Disclosure Timeline:
=====================

xx Feb 06 - Vulnerabilities discovered.
08 Mar 06 - Vendor contacted.
22 Mar 06 - Vendor confirmed vulnerabilities.
11 Apr 06 - Vendor released security update.
12 Apr 06 - First advisory released.

o Solution:
==========

Two of the mentioned vulnerabilities are addressed in the latest
security update for Internet Explorer [2]. I think - this is not an
official statement from the Microsoft Security Response Center - the
third security issue will be fixed in an upcoming service pack release.

o Credits:
=========

Thomas Waldegger <bugtraq@...ph3us.org>
BuHa-Security Community - http://buha.info/board/

If you have questions, suggestions or criticism about the advisory feel
free to send me a mail. The address 'bugtraq@...ph3us.org' is more a
spam address than a regular mail address therefore it's possible that
some mails get ignored. Please use the contact details at
http://morph3us.org/ to contact me.

Greets fly out to cyrus-tc, destructor, nait, rhy, trappy and all
members of BuHa.

Advisory online: http://morph3us.org/advisories/20060412-msie6-sp2.txt

[1] http://www.microsoft.com/technet/security/Bulletin/MS06-013.mspx

-----BEGIN PGP SIGNATURE-----
Version: n/a
Comment: http://morph3us.org/

iD8DBQFEPVbIkCo6/ctnOpYRA3XdAJ9C18OLBug0Gbfhcy2QhAXaQNkP6ACfdM1s
QIUo3pT6NBXkBnFtwGcYCWU=
=yG/7
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ