HTTP: Internet Explorer OBJECT Tag Buffer Overflow
This signature detects attempts to exploit a known vulnerability in Microsoft Internet Explorer 6.0 SP1 and earlier. Attackers can send malicious HTTP data to a target; when the target downloads the malicious Web page or connects to the malicious Web server, the attacker can execute arbitrary commands on the target host.
Extended Description
Microsoft Internet Explorer is prone to a boundary condition error when handling OBJECT tags in web pages. When a web page containing an OBJECT tag using a parameter containing excessive data is encountered by a vulnerable client, a internal memory buffer will be overrun. This could cause Internet Explorer to fail or potentially result in the execution arbitrary code in the security context of the current user.
Affected Products
Microsoft internet_explorer
References
BugTraq: 7806
CVE: CVE-2003-0344
URL: http://www.microsoft.com/technet/security/bulletin/MS03-020.mspx
Short Name
HTTP:STC:IE:OBJECT-OF
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
Buffer CVE-2003-0344 Explorer Internet OBJECT Overflow Tag bid:7806
Release Date
10/16/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Microsoft
CVSS Score
7.5