240 matches found
Microsoft Windows MHTML超长URI串溢出漏洞(MS06-043)
Microsoft Windows是微软发布的非常流行的操作系统。 inetcomm.dll在使用"mhtml:" URI解析器处理URL时存在栈溢出漏洞,成功利用此漏洞的攻击者可以完全控制受影响的系统。 攻击者可以通过超长的URL来触发这个漏洞,如诱骗用户通过Internet Explorer打开恶意的站点或打开特制的Internet快捷方式。 Microsoft Windows XP SP2 Microsoft Windows XP Professional x64 Edition Microsoft Windows Server 2003 x64 Edition Microsoft...
Internet Explorer 7 “mhtml:”重新定向信息泄露漏洞
Internet Explorer 7是微软最新发布的WEB浏览器。 IE 7在处理 “mhtml:” 格式的URI重新定向时存在漏洞,远程攻击者可能利用此漏洞强制用户访问其他站点上的文件。 Microsoft Internet Explorer 7.0 临时解决方法: 禁用活动脚本。 厂商补丁: Microsoft --------- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.microsoft.com/windows/ie/default.asp...
Internet Explorer 7 “mhtml:”重新定向信息泄露漏洞
Internet Explorer 7是微软最新发布的WEB浏览器。 IE 7在处理 “mhtml:” 格式的URI重新定向时存在漏洞,远程攻击者可能利用此漏洞强制用户访问其他站点上的文件。 Microsoft Internet Explorer 7.0 临时解决方法: 禁用活动脚本。 厂商补丁: Microsoft --------- 目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: http://www.microsoft.com/windows/ie/default.asp...
Update Protection against Microsoft Windows MHTML Remote Code Execution Vulnerability (MS06-043)
Several Microsoft Windows applications are prone to a buffer overflow vulnerability. Microsoft Internet Explorer, Windows Explorer and Outlook Express 6 fail to properly process overly long MHTML URLs. MHTML is an Internet standard that defines the MIME structure used to send HTML content in e-ma...
IE mhtml redirection vulnerability using the method-vulnerability warning-the black bar safety net
Author: yunshuAtph4nt0m.org Team: http://www.ph4nt0m.org Data: 2006-05-11 This vulnerability is primarily an information leak, see http://secunia. com/advisories/1 9 7 3 8/specific description. In order to ensure client safety, the xmlhttp is not cross-domain access to information. But the IE...
Microsoft Windows fails to properly parse the MHTML protocol
Overview Microsoft Windows fails to properly handle MHTML. This vulnerability may allow a remote attacker to execute arbitrary code on a vulnerable system. Description MHTML According to Microsoft Security Bulletin MS06-043: MHTML extends HTML to embed encoded objects, such as images, in the HTML...
inetconnCrash.txt
DEFAULT BASEURL= InternetShortcut...
Buffer overflow
Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Explorer, Outlook Express 6, and possibly other programs, allows remote user-assisted attackers to cause a denial of service application crash via a long mhtml URI in the URL value in a URL file...
CVE-2006-2766
Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Explorer, Outlook Express 6, and possibly other programs, allows remote user-assisted attackers to cause a denial of service application crash via a long mhtml URI in the URL value in a URL file...
CVE-2006-2766
CVE-2006-2766 describes a Buffer Overflow in MHTML parsing within Windows components that impacts Microsoft Internet Explorer 6 (up to SP2), Windows Explorer, and Outlook Express 6. The vulnerability is triggered by processing a long MHTML URI value in a URL file, allowing remote user-assisted at...
Microsoft Windows MHTML URI Buffer Overflow Vulnerability
Description Microsoft Windows is prone to a remote buffer-overflow vulnerability in 'INETCOMM.DLL'. The library fails to properly bounds-check user-supplied input data before copying it into an insufficiently sized memory buffer. Remote attackers may exploit this issue to execute arbitrary machin...
Microsoft Windows XP20002003 - MHTML URI Buffer Overflow (PoC)
Microsoft Windows XP20002003 - MHTML URI Buffer Overflow PoC source: https://www.securityfocus.com/bid/18198/info DEFAULT BASEURL= InternetShortcut...
Microsoft Windows XP/2000/2003 - MHTML URI Buffer Overflow (PoC)
source: https://www.securityfocus.com/bid/18198/info DEFAULT BASEURL= InternetShortcut...
IE mhtml redirection vulnerability using the method-vulnerability warning-the black bar safety net
Article submission: ph4yunshu wustyunshuathotmail.com IE mhtml redirection vulnerability using the method Author: yunshuAtph4nt0m.org Team: http://www.ph4nt0m.org Data: 2006-05-11 This vulnerability is primarily an information leak, seethe specific description. In order to ensure client safety, t...
Update Protection against Microsoft Internet Explorer mhtml Redirection Vulnerability
A vulnerability has been identified in Microsoft Internet Explorer. Internet Explorer fails to properly validate "mhtml:" URL redirections. This could be exploited by a remote attackers to access sensitive information on behalf of the target user...
IE mhtml redirection vulnerability using the method-vulnerability warning-the black bar safety net
Article author: yunshuAtph4nt0m.org Information source: http://www.ph4nt0m.org This vulnerability is primarily an information leak, see http://secunia. com/advisories/1 9 7 3 8/specific description. In order to ensure client safety, the xmlhttp is not cross-domain access to information. But the I...
Information disclosure
A component in Microsoft Outlook Express 6 allows remote attackers to bypass domain restrictions and obtain sensitive information via redirections with the mhtml: URI handler, as originally reported for Internet Explorer 6 and 7, aka "URL Redirect Cross Domain Information Disclosure Vulnerability...
Microsoft Internet Explorer crossite access
Script from one site can access content of the page from different site with mhtml: URI handler...
[SA19738] Internet Explorer "mhtml:" Redirection Disclosure of Sensitive Information
TITLE: Internet Explorer "mhtml:" Redirection Disclosure of Sensitive Information SECUNIA ADVISORY ID: SA19738 VERIFY ADVISORY: http://secunia.com/advisories/19738/ CRITICAL: Less critical IMPACT: Exposure of sensitive information WHERE: From remote SOFTWARE: Microsoft Internet Explorer 6.x...
Outlook Express 5.5/6.0 / Windows Mail - MHTML URI Handler Information Disclosure
source: https://www.securityfocus.com/bid/17717/info Outlook Express and Windows Mail are prone to a cross-domain information-disclosure vulnerability. This vulnerability may let a malicious website access properties of a site in an arbitrary external domain in the context of the victim user's...