Microsoft IE RDS.DataControl SysAllocStringLen Invalid Length Issue

2006-07-07T00:00:00
ID OSVDB:26955
Type osvdb
Reporter H D Moore(hdm@metasploit.com)
Modified 2006-07-07T00:00:00

Description

Vulnerability Description

A local overflow exists in Internet Explorer 6. The browser fails to control length boundaries of the 'URL' attribute of the 'RDS.DataControl' object resulting in a page violation/heap overflow. This may allow an attacker to crash the browser or execute arbitrary code.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

A local overflow exists in Internet Explorer 6. The browser fails to control length boundaries of the 'URL' attribute of the 'RDS.DataControl' object resulting in a page violation/heap overflow. This may allow an attacker to crash the browser or execute arbitrary code.

References:

Other Advisory URL: http://browserfun.blogspot.com/2006/07/mobb-8-rdsdatacontrol-url.html ISS X-Force ID: 27621 Generic Exploit URL: http://metasploit.com/users/hdm/tools/browserfun/mobb_008.html Generic Exploit URL: http://www.securityfocus.com/data/vulnerabilities/exploits/msie-rds.datacontrol-dos.txt FrSIRT Advisory: ADV-2006-2718 CVE-2006-3510 Bugtraq ID: 18900