[Esd-l]
FW: [SA12959] Internet Explorer IFRAME Buffer Overflow
Vulnerabil ity
Smart,Dan
SmartD at VMCMAIL.com
Wed Nov 3 08:36:43 PST 2004
Just checking, but I believe IFRAME buffers have been checked for along time
in Sanitizer. Isn't that correct John?
This one should be handled?
TIA
<<Dan>>
> -----Original Message-----
> From: Secunia Security Advisories [mailto:sec-adv at secunia.com]
> Sent: Tuesday, November 02, 2004 2:23 PM
> To: dan.smart at vul.com
> Subject: [SA12959] Internet Explorer IFRAME Buffer Overflow
> Vulnerability
>
>
> -------------------------------------------------------------
> ---------
>
> Monitor, Filter, and Manage Security Information
> - Filtering and Management of Secunia advisories
> - Overview, documentation, and detailed reports
> - Alerting via email and SMS
>
> Request Trial:
> https://ca.secunia.com/?f=l
>
> -------------------------------------------------------------
> ---------
>
> TITLE:
> Internet Explorer IFRAME Buffer Overflow Vulnerability
>
> SECUNIA ADVISORY ID:
> SA12959
>
> VERIFY ADVISORY:
> http://secunia.com/advisories/12959/
>
> CRITICAL:
> Extremely critical
>
> IMPACT:
> System access
>
> WHERE:
> From remote
>
> SOFTWARE:
> Microsoft Internet Explorer 6
> http://secunia.com/product/11/
>
> DESCRIPTION:
> A vulnerability has been reported in Internet Explorer,
> which can be exploited by malicious people to compromise a
> user's system.
>
> The vulnerability is caused due to a boundary error in the
> handling of certain attributes in the <DEFANGED_IFRAME> HTML
> tag. This can be exploited to cause a buffer overflow via a
> malicious HTML document containing overly long strings in
> the "SRC" and "NAME" attributes of the <DEFANGED_IFRAME> tag.
>
> Successful exploitation allows execution of arbitrary code.
>
> The vulnerability has been confirmed in the following versions:
> * Internet Explorer 6.0 on Windows XP SP1 (fully patched).
> * Internet Explorer 6.0 on Windows 2000 (fully patched).
>
> NOTE: This advisory has been rated "Extremely critical" as a
> working exploit has been published on public mailing lists.
>
> SOLUTION:
> The vulnerability does not affect systems running Windows XP
> with SP2 installed.
>
> Use another product.
>
> PROVIDED AND/OR DISCOVERED BY:
> Discovered by:
> ned
>
> Additional research and exploit by:
> Berend-Jan Wever
>
> -------------------------------------------------------------
> ---------
>
> About:
> This Advisory was delivered by Secunia as a free service to
> help everybody keeping their systems up to date against the
> latest vulnerabilities.
>
> Subscribe:
> http://secunia.com/secunia_security_advisories/
>
> Definitions: (Criticality, Where etc.)
> http://secunia.com/about_secunia_advisories/
>
>
> Please Note:
> Secunia recommends that you verify all advisories you
> receive by clicking the link.
> Secunia NEVER sends attached files with advisories.
> Secunia does not advise people to install third party
> patches, only use those supplied by the vendor.
>
> -------------------------------------------------------------
> ---------
>
> Unsubscribe: Secunia Security Advisories
> http://secunia.com/sec_adv_unsubscribe/?email=dan.smart%40vul.com
>
> -------------------------------------------------------------
> ---------
More information about the esd-l
mailing list