Microsoft IE createControlRange() Function Heap Corruption

2005-02-08T00:00:00
ID OSVDB:13606
Type osvdb
Reporter Andreas Sandblad(as@secunia.com)
Modified 2005-02-08T00:00:00

Description

Vulnerability Description

A remote overflow exists in Windows. Internet Explorer fails to validate the buffer used when processing some DHTML methods resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Short Description

A remote overflow exists in Windows. Internet Explorer fails to validate the buffer used when processing some DHTML methods resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

References:

Security Tracker: 1013125 Secunia Advisory ID:11165 Microsoft Security Bulletin: ms05-014 Microsoft Knowledge Base Article: 867282 Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-02/0183.html CVE-2005-0055 CERT VU: 843771 CERT: TA05-039A Bugtraq ID: 12427