| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20030821135806.2E8D.SNSADV@lac.co.jp> Date: Thu, 21 Aug 2003 13:59:51 +0900 From: "SecureNet Service(SNS) Spiffy Reviews" <snsadv@....co.jp> To: bugtraq@...urityfocus.com Subject: [SNS Advisory No.68] Internet Explorer Object Type Buffer Overflow in Double-Byte Character Set Environment ---------------------------------------------------------------------- SNS Advisory No.68 Internet Explorer Object Type Buffer Overflow in Double-Byte Character Set Environment Problem first discovered on: Fri, 06 June 2003 Published on: Thu, 21 Aug 2003 ---------------------------------------------------------------------- Overview: --------- Microsoft Internet Explorer is vulnerable to a buffer overflow under the double-byte character set environment. Problem Description: -------------------- A buffer overflow occurs in Microsoft Internet Explorer when HTML files with an unusually long string including double-byte character sets in the Type property of the Object tag are processed. In order to trigger this vulnerability, malicious website administrators could induce Internet Explorer users to view a specially crafted web site and consequently execute arbitrary code with the users' privileges. This problem differs from the issue described in MS03-020 in that it affects only specific language versions, including Japanese. Arbitrary codes could be successfully executed on Internet Explorer 6 SP1 Japanese in a testing environment. Tested Version: --------------- Internet Explorer 6 Service Pack 1 Japanese Edition Solution: --------- Apply an appropriate patch available at: Microsoft Security Bulletin MS03-032: http://www.microsoft.com/technet/security/bulletin/MS03-032.asp Microsoft Security Bulletin MS03-032(Japanese site): http://www.microsoft.com/japan/technet/security/bulletin/MS03-032.asp Discovered by: -------------- Yuu Arai y.arai@....co.jp Acknowledgements: ----------------- Thanks to: Security Response Team of Microsoft Asia Limited The attack technique was originally found by: eEye Digital Security http://www.eEye.com Disclaimer: ----------- The information contained in this advisory may be revised without prior notice and is provided as it is. Users shall take their own risk when taking any actions following reading this advisory. LAC Co., Ltd. shall take no responsibility for any problems, loss or damage caused by, or by the use of information provided here. This advisory can be found at the following URL: http://www.lac.co.jp/security/english/snsadv_e/68_e.html ------------------------------------------------------------------ Secure Net Service(SNS) Security Advisory <snsadv@....co.jp> Computer Security Laboratory, LAC http://www.lac.co.jp/security/
Powered by blists - more mailing lists