Microsoft IE FRAME/IFRAME/EMBED Tag Overflow

2004-10-25T14:08:10
ID OSVDB:11337
Type osvdb
Reporter Ned(nd@felinemenace.org)
Modified 2004-10-25T14:08:10

Description

Vulnerability Description

A local overflow exists in Internet Explorer. The Shell Doc Object and Control Library, or SHDOCVW.DLL, fails to validate the NAME property within the FRAME, IFRAME, and EMBED tags, resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

A local overflow exists in Internet Explorer. The Shell Doc Object and Control Library, or SHDOCVW.DLL, fails to validate the NAME property within the FRAME, IFRAME, and EMBED tags, resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

References:

Security Tracker: 1012049 Secunia Advisory ID:12959 Other Advisory URL: http://www.finjan.com/SecurityLab/AttackandExploitReports/alert_show.asp?attack_release_id=114 Microsoft Security Bulletin: MS04-040 Mail List Post: http://marc.theaimsgroup.com/?l=full-disclosure&m=109859547202034&w=2 Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-11/0018.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-11/0033.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-11/0035.html Mail List Post: http://marc.theaimsgroup.com/?l=full-disclosure&m=109811280929330&w=2 Keyword: Mydoom.ah Keyword: Mydoom.ai ISS X-Force ID: 17889 Generic Informational URL: http://www.symantec.com/avcenter/venc/data/w32.mydoom.ah@mm.html Generic Informational URL: http://www.symantec.com/avcenter/venc/data/w32.mydoom.ai@mm.html Generic Exploit URL: http://www.milw0rm.com/id.php?id=612 Generic Exploit URL: http://www.k-otik.com/exploits/20041102.InternetExploiter.htm.php CVE-2004-1050 CERT VU: 842160 CERT: TA04-336A CERT: TA04-315A Bugtraq ID: 11515