
CERT-In Vulnerability Note CIVN-2004-62
Microsoft Internet Explorer buffer overflow vulnerability via FRAME and IFRAME tags

Original Issue Date: Nov. 5, 2004
Updated on: Dec. 3, 2004

Severity: High

Systems Affected:

  • Internet Explorer 6.0 on Windows XP SP1
  • Internet Explorer 6.0 on Windows 2000

Overview

A vulnerability exists in Microsoft Internet Explorer (IE) that a malicious user can exploit to cause a heap buffer overflow and compromise a user's system.

Impact

An attacker could execute malicious code with the privileges of the user and compromise the affected system.

Description

The vulnerability lies in the way IE handles certain attributes, such as SRC and NAME, of FRAME and IFRAME tags. The attacker uses JavaScript to create a large number of heap blocks filled with NOP slides followed by the shellcode, causing IE to crash.

This vulnerability could be exploited by enticing a user to visit a specially crafted webpage or email (HTML) message, which may allow an attacker to execute arbitrary code with the privileges of the user.

Note: Exploit code for this vulnerability has been observed to be available on the Internet. Antivirus vendors have reported that worms exploiting this vulnerability, such as W32/Bofra-A, W32/Bofra-H, MyDoom.AK, W32/Mydoom.ag@MM and W32/Mydoom.ah@MM, are spreading in the wild.

Workarounds

  • Set Internet and Local Intranet security zone settings to "High" to prompt before running ActiveX controls and Active scripting in the Internet zone and in the Local Intranet zone.
  • Read emails in plain text format.
  • Visit only trusted links and sites.
  • Maintain updated anti-virus software.

Solution

Apply the appropriate patches as mentioned in Microsoft Security Bulletin MS04-040.

It has been reported that this vulnerability does not affect users of Windows XP SP2.

Vendor Information

Microsoft Corporation
http://www.microsoft.com/technet/security/bulletin/MS04-040.mspx

References

US CERT Vulnerability Note VU#842160
http://www.kb.cert.org/vuls/id/842160

Securityfocus
http://www.securityfocus.com/archive/1/380175

Secunia Advisory SA12959
http://secunia.com/advisories/12959/

CVE Name
CAN-2004-1050

Disclaimer

The information provided herein is on "as is" basis, without warranty of any kind.

Contact Information


Phone: +91 11-24368572

Postal address

Indian Computer Emergency Response Team (CERT-In)
Ministry of Communications and Information Technology
Electronics Niketan
6, C.G.O. Complex
New Delhi-110 003