Title: Microsoft Internet Explorer Remote URLMON.DLL Buffer Overflow Vulnerability
Severity: HIGH
Description:
Microsoft has released Security Bulletin MS03-015 that contains details regarding a buffer overflow vulnerability in Internet Explorer. The problem occurs due to insufficient bounds checking when processing "Content-type" and "Content-encoding" parameters received from a web server.
The buffer overflow occurs in the URLMON.DLL library and may allow an attacker to overwrite sensitive locations in memory. Specifically, when more than 300 bytes are passed as both the "Content-type" and "Content-encoding" values of an HTTP header to the client, using an IMG tag, the excess data overruns the bounds of an internal buffer and corrupts an instruction pointer that is saved in adjacent memory. The vulnerable function in the URLMON.DLL library is executed when a site is visited, so simply visiting a malicious web site may be enough for exploitation.
Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on a target system. All commands executed in this manner would be run with the privileges of the user who invoked Internet Explorer.
This issue was first described in BID 7417 and is now being assigned a separate BID.
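As an added example (not part of the original advisory and not a vendor signature), the following Python check could run at a proxy or over captured traffic to flag a response head in which both headers exceed the 300-byte figure given above. The function names and the sample responses are constructed for illustration.

```python
LIMIT = 300  # byte threshold taken from the advisory text
WATCHED = ("content-type", "content-encoding")

def parse_headers(raw: bytes) -> dict:
    """Return {lowercased header name: [values]} from a raw HTTP response head."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    headers, last = {}, None
    for line in head.split(b"\r\n")[1:]:          # [1:] skips the status line
        if line[:1] in (b" ", b"\t") and last is not None:
            # Obsolete line folding: a continuation still counts toward the
            # value length, so join it instead of dropping it.
            joined = headers[last][-1] + b" " + line.strip()
            headers[last][-1] = joined.strip()
            continue
        name, sep, value = line.partition(b":")
        if not sep:                               # malformed line, ignore it
            last = None
            continue
        last = name.strip().lower().decode("latin-1")
        headers.setdefault(last, []).append(value.strip())
    return headers

def oversized(raw: bytes, limit: int = LIMIT) -> dict:
    """Map each watched header to its longest value length when over the limit."""
    headers = parse_headers(raw)
    hits = {}
    for name in WATCHED:
        longest = max((len(v) for v in headers.get(name, [])), default=0)
        if longest > limit:
            hits[name] = longest
    return hits

def matches_advisory(raw: bytes, limit: int = LIMIT) -> bool:
    """True only when BOTH headers exceed the limit, as the advisory describes."""
    return set(oversized(raw, limit)) == set(WATCHED)

def sample_response(ctype: bytes, cenc: bytes) -> bytes:
    """Constructed sample response head, used only as detector input."""
    return (b"HTTP/1.1 200 OK\r\nContent-Type: " + ctype +
            b"\r\nContent-Encoding: " + cenc + b"\r\nContent-Length: 0\r\n\r\n")

if __name__ == "__main__":
    for label, raw in [
        ("benign", sample_response(b"image/gif", b"gzip")),
        ("both oversized", sample_response(b"A" * 301, b"A" * 301)),
    ]:
        print(label, matches_advisory(raw), oversized(raw))
```

`oversized()` also reports a single long header, which is worth logging on its own even though it does not meet the two-header condition.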
Affected Products:
- Microsoft Internet Explorer 5.0.1
- Microsoft Internet Explorer 5.0.1 SP1
- Microsoft Internet Explorer 5.0.1 SP2
- Microsoft Internet Explorer 5.0.1 SP3
- Microsoft Internet Explorer 5.5
- Microsoft Internet Explorer 5.5 SP1
- Microsoft Internet Explorer 5.5 SP2
- Microsoft Internet Explorer 6.0
- Microsoft Internet Explorer 6.0 SP1
- Microsoft Windows ME
- Microsoft Windows Server 2003 Datacenter Edition
- Microsoft Windows Server 2003 Datacenter Edition Itanium
- Microsoft Windows Server 2003 Enterprise Edition
- Microsoft Windows Server 2003 Enterprise Edition Itanium
- Microsoft Windows Server 2003 Standard Edition
- Microsoft Windows Server 2003 Web Edition
- Microsoft Windows XP Home
- Microsoft Windows XP Professional
References:
- Microsoft: Microsoft Security Bulletin MS03-015