HTTP: Microsoft Windows Hyperlink Buffer Overflow
A buffer overflow exists in the Microsoft Windows system library used to handle hyperlink objects. An unchecked buffer in the Microsoft Object Library is vulnerable to attack when malformed hyperlinks are processed when a user clicks on a hyperlink in a browser or in HTML-rendered email. An attacker who successfully exploits this vulnerability can execute code with the privileges of the currently logged in user. In a simple attack case, the attacker can terminate the application that is using the ActiveX hyperlink library. In a sophisticated attack, he can inject arbitrary code into the target. The behaviour of the target is dependent on the nature of the malicious code. The exploit executes with the privileges of the currently logged in user. If this account has elevated privileges, an attacker may take control of the target system.
Extended Description
The Hyperlink Object Library for Windows 98, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a crafted link that triggers an "unchecked buffer" in the library, possibly due to a buffer overflow.
Affected Products
Microsoft windows_98
Short Name
HTTP:MS-WINDOWS-HYPERLINK-BO
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Buffer CVE-2005-0057 Hyperlink Microsoft Overflow Windows bid:12479
Release Date
01/09/2012
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3761
False Positive
Unknown
Vendors
Microsoft
CVSS Score
7.5