Microsoft IE Image Tag Arbitrary Script Execution (HijackClick 3)

2004-10-12T17:18:16
ID OSVDB:10708
Type osvdb
Reporter OSVDB
Modified 2004-10-12T17:18:16

Description

Vulnerability Description

Internet Explorer contains a flaw in the function that processes scripts in image tags, which may allow a malicious user to gain unauthorized privileges. The issue is triggered when a user visits a malicious web page or views an HTML mail that uses the popup.show method. This flaw allows execution of arbitrary code on the victim's machine, leading to a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

References:

Secunia Advisory ID: 12806
Related OSVDB ID: 10709
Related OSVDB ID: 10710
Related OSVDB ID: 10705
Related OSVDB ID: 10704
Related OSVDB ID: 10706
Related OSVDB ID: 10707
Other Advisory URL: http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0498.html
Microsoft Security Bulletin: MS04-038
Microsoft Knowledge Base Article: 834707
Keyword: AKA HijackClick 3
ISS X-Force ID: 16675
Generic Exploit URL: http://freehost07.websamba.com/greyhats/hijackclick3.htm
CVE-2004-0841
CIAC Advisory: p-006
Bugtraq ID: 10690