Microsoft IE document.getElementByID Crafted CSS Arbitrary Code Execution

2006-08-08T17:50:10
ID OSVDB:27855
Type osvdb
Reporter Sam Thomas
Modified 2006-08-08T17:50:10

Description

Vulnerability Description

Microsoft Internet Explorer contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when a user accesses a malicious web site that contains JavaScript. The flaw may allow arbitrary code execution, resulting in a loss of integrity.

Technical Description

The specific vulnerability exists due to improper handling of CSS class values. Accessing a specially crafted CSS element via document.getElementByID causes memory corruption that eventually leads to code execution.

Solution Description

Microsoft has released a patch to address this issue. Additionally, it is possible to correct the flaw by implementing the following workaround(s): Disable active scripting.

References:

Security Tracker: 1016663
Secunia Advisory ID: 21396
Related OSVDB ID: 27852
Related OSVDB ID: 27851
Related OSVDB ID: 27853
Related OSVDB ID: 27850
Related OSVDB ID: 27854
Other Advisory URL: http://www.zerodayinitiative.com/advisories/ZDI-06-027.html
News Article: http://www.techworld.com/security/news/index.cfm?newsID=6581
Microsoft Security Bulletin: MS06-042
Microsoft Knowledge Base Article: 918899
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-08/0146.html
FrSIRT Advisory: ADV-2006-3212
CVE-2006-3450
CERT VU: 119180
Bugtraq ID: 19312