CERT VU:334928
History: Aug 26, 2003 - 12:00 a.m.

Microsoft Internet Explorer contains buffer overflow in Type attribute of OBJECT element on double-byte character set systems

2003-08-26 00:00:00
www.kb.cert.org
EPSS: 0.97 (High), Percentile: 99.7%

Overview

Certain versions of Microsoft Internet Explorer (IE) that support double-byte character sets (DBCS) contain a buffer overflow vulnerability in the Type attribute of the OBJECT element. A remote attacker could execute arbitrary code with the privileges of the user running IE.

Description

Microsoft Security Bulletin MS03-032 and SNS Advisory No.68 describe a buffer overflow vulnerability in the Type attribute of the OBJECT element. This vulnerability only affects double-byte character set versions of IE (e.g. Japanese) and may be related to VU#679556/CAN-2003-0344/MS03-020.


Impact

By convincing a victim to view an HTML document (web site, HTML email message), a remote attacker could execute arbitrary code with the privileges of the victim.


Solution

Apply patch

Apply 822925 or a more recent cumulative patch for IE. See Microsoft Security Bulletin MS03-032.


Vendor Information

Microsoft Corporation: Affected

Notified: August 25, 2003 Updated: August 25, 2003

Status

Affected

Vendor Statement

Please see Microsoft Security Bulletin MS03-032.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

Acknowledgements

Microsoft credits LAC/SNS for reporting this vulnerability. Information used in this document came from LAC/SNS and Microsoft.

This document was written by Art Manion.

Other Information

CVE IDs: CVE-2003-0701
CERT Advisory: CA-2003-22
Severity Metric: