83 matches found
Microsoft Internet Explorer URL validation routine contains a buffer overflow
Overview A vulnerability in Microsoft Internet Explorer could allow a remote attacker to execute arbitrary code on a vulnerable system. Description Microsoft Internet Explorer (IE) contains an unspecified vulnerability in the way that it handles certain URLs. The process that checks the URL contain...
Microsoft Internet Explorer Content Advisor contains a buffer overflow
Overview A buffer overflow in Microsoft Internet Explorer Content Advisor may allow a remote attacker to execute arbitrary code on a vulnerable system. Description The Content Advisor is used to control what content is viewable in Internet Explorer. A buffer overflow exists in the routines that...
Microsoft Internet Explorer contains a DHTML method heap memory corruption vulnerability
Overview Microsoft Internet Explorer contains a flaw in DHTML method handling which may allow a remote attacker to execute arbitrary code. Description The DHTML method handling in Internet Explorer fails to perform proper bounds checking. This vulnerability may allow data to be written outside th...
msieLocalFile.txt
Microsoft Internet Explorer permits to examine the existence of local files Description: There is a security bug in Microsoft Internet Explorer which allows checking for the existence of local files in system directories Root C:/, WINDOWS, SYSTEM, SYSTEM32, DESKTOP, COMMAND, Internet Explorer...
Microsoft Internet Explorer permits to examine the existence of local files
Microsoft Internet Explorer permits to examine the existence of local files Description: There is a security bug in Microsoft Internet Explorer which allows checking for the existence of local files in system directories Root C:/, WINDOWS, SYSTEM, SYSTEM32, DESKTOP, COMMAND, Internet Explorer...
Microsoft Internet Explorer vulnerable to buffer overflow via FRAME and IFRAME elements
Overview Microsoft Internet Explorer (IE) contains a buffer overflow vulnerability that can be exploited to execute arbitrary code with the privileges of the user running IE. Description A heap buffer overflow vulnerability exists in the way IE handles the SRC and NAME attributes of HTML elements...
Microsoft Internet Explorer does not properly handle function redirection
Overview Microsoft Internet Explorer (IE) fails to properly validate redirected functions. The impact is similar to that of a cross-site scripting vulnerability, which allows an attacker to access data in other sites, including the Local Machine Zone. Description IE features Active scripting, the...
Microsoft Internet Explorer Install Engine contains a buffer overflow vulnerability
Overview The Active Setup Install Engine in Microsoft Internet Explorer contains a buffer overflow vulnerability. This may allow an attacker to take complete control of a vulnerable system. Description The Active Setup Install Engine (inseng.dll) permits cabinet files to be launched and executed...
[SA12765] Microsoft Internet Explorer Disclosure of Sensitive XML Information
TITLE: Microsoft Internet Explorer Disclosure of Sensitive XML Information SECUNIA ADVISORY ID: SA12765 VERIFY ADVISORY: http://secunia.com/advisories/12765/ CRITICAL: Less critical IMPACT: Exposure of sensitive information WHERE: From remote SOFTWARE: Microsoft Internet Explorer 6...
MSIE Similar Method Name Redirection Cross Site/Zone Scripting Vulnerability
Note: This vulnerability and many more can be found at http://www.greyhats.cjb.net SimliarMethodNameRedir Automatic Remote Compromise Tested IEXPLORE.EXE file version 6.0.2800.1106 MSHTML.DLL file version 6.00.2800.1400 Microsoft Windows XP sp2 Discussion At first I thought this vulnerability had...
HijackClickV2 - a successor of HijackClick attack
HijackClickV2 - a successor of HijackClick attack tested OS:Win2k3,CN version IE: with MS03-048 installed. OS:WinXp, CN version Microsoft Internet Explorer v6.Sp1; up-to-date on 2003/11/16 overview After applying MS03-048, the original HijackClick exploit doesn't work any more. With method...
IE Remote Compromise by Getting Cache Location
IE Remote Compromise by Getting Cache Location tested OS:WinXp, CN version Microsoft Internet Explorer v6.Sp1; up-to-date on 2003/11/16 overview With the help of LocalZoneInCache (refer to "technical details" part), an attacker can compromise a user's system even though the user has: 1. Customized I...
New "Clean" IE Remote Compromise
tested OS:Win2k3,CN version IE: with MS03-048 installed. OS:WinXp, CN version Microsoft Internet Explorer v6.Sp1; up-to-date on 2003/11/16 overview By combining several vulnerabilities in Internet Explorer, an attacker can execute his EXE file on victim's system. "Clean" means: there is no old...
Cache Disclosure Leads to MYCOMPUTER Zone and Remote Compromise
Cache Disclosure Leads to MYCOMPUTER Zone and Remote Compromise tested OS:WinXp, CN version Microsoft Internet Explorer v6.Sp1; up-to-date on 2003/11/16 overview By combining cache file disclosure and several other unpatched vulnerabilities, a malicious INTERNET page can reach MYCOMPUTER zone. Th...
BackToFramedJpu - a successor of BackToJpu attack
BackToFramedJpu - a successor of BackToJpu attack tested OS:Win2k3,CN version IE: with MS03-048 installed. OS:WinXp, CN version Microsoft Internet Explorer v6.Sp1; up-to-date on 2003/11/16 overview A cross-zone scripting vulnerability has been found in Internet Explorer. If a webpage contains som...
Adobe SVG Viewer Active Scripting Bypass (GM#002-MC)
GreyMagic Security Advisory GM002-MC ===================================== By GreyMagic Software, Israel. 07 Oct 2003. Available in HTML format at http://security.greymagic.com/adv/gm002-mc/. Topic: Adobe SVG Viewer Active Scripting Bypass. Discovery date: 19 Aug 2003. Affected applications:...
Re: BAD NEWS: Microsoft Security Bulletin MS03-032
The patch for Drew's object data=funky.hta doesn't work: This is the exact same issue as http://greymagic.com/adv/gm001-ie/, which explains the problem in detail. Microsoft again patches the object element in HTML, but it doesn't patch the dynamic version of that same element. 1. Disable Active...
[Full-Disclosure] BAD NEWS: Microsoft Security Bulletin MS03-032
Since the cat somehow got out of the bag, and more importantly, this is so blatantly obvious, herewith is the "Bad News": The patch for Drew's object data=funky.hta doesn't work: http://www.malware.com/badnews.html script var oPopup = window.createPopup; function showPopup...
TEXT/PLAIN: ALERT("OUTLOOK EXPRESS")
Friday, July 25, 2003 Active Scripting and HTML in a plain text mail message: MIME-Version: 1.0 Content-Type: text/plain; Content-Transfer-Encoding: 7bit X-Source: 25.07.03 http://www.malware.com img dynsrc=javascript:alertfont color=redfoo The above is a legitimate RFC822 mail message in plain...
Microsoft Internet Explorer does not adequately validate references to cached objects and methods
Overview Microsoft Internet Explorer does not adequately validate references to cached objects and methods across domains and security zones. The impact is similar to that of a cross-site scripting vulnerability, allowing an attacker to access data in other sites, including the Local Computer zon...