Info

Disclosure

Oct 12, 2004

Discovery

Unknown

Dates

Exploit

Mar 09, 2005

Solution

Unknown

Description

A remote overflow exists in Microsoft Internet Explorer. The mshtml.dll library in Internet Explorer fails to check the boundary within the processing of Cascading Style Sheets, resulting in a memory corruption. With a specially crafted webpage or HTML e-mail message, an attacker can execute arbitrary code resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Products

Microsoft Corporation	Internet Explorer	5.5
		6.0
		6.0 SP1

References

Security Tracker: 1011639
Related OSVDB ID: 10704 10705 10706 10707 10708 10709
Secunia Advisory ID: 12806
CVE ID: 2004-0842 (see also: NVD)
SCIP VulDB ID: 745 892
Microsoft Knowledge Base Article: 834707
Generic Exploit URL: http://www.securiteam.com/exploits/5NP042KF5A.html
Microsoft Security Bulletin: MS04-038

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/10710

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Microsoft Corporation

Internet Explorer

References

Credit