Microsoft IE CSS Memory Corruption Arbitrary Command Execution

2004-10-12T17:18:16
ID OSVDB:10710
Type osvdb
Reporter OSVDB
Modified 2004-10-12T17:18:16

Description

Vulnerability Description

A remote overflow exists in Microsoft Internet Explorer. The mshtml.dll library in Internet Explorer fails to check the boundary within the processing of Cascading Style Sheets, resulting in a memory corruption. With a specially crafted webpage or HTML e-mail message, an attacker can execute arbitrary code resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Short Description

A remote overflow exists in Microsoft Internet Explorer. The mshtml.dll library in Internet Explorer fails to check the boundary within the processing of Cascading Style Sheets, resulting in a memory corruption. With a specially crafted webpage or HTML e-mail message, an attacker can execute arbitrary code resulting in a loss of integrity.

References:

Security Tracker: 1011639 Secunia Advisory ID:12806 Related OSVDB ID: 10708 Related OSVDB ID: 10709 Related OSVDB ID: 10705 Related OSVDB ID: 10704 Related OSVDB ID: 10706 Related OSVDB ID: 10707 Microsoft Security Bulletin: MS04-038 Microsoft Knowledge Base Article: 834707 Generic Exploit URL: http://www.securiteam.com/exploits/5NP042KF5A.html CVE-2004-0842