Info

Disclosure

Jan 10, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

A remote overflow exists in Microsoft Internet Explorer. The Microsoft Internet Explorer fails to check integer bounds resulting in a integer overflow. With a specially crafted request, an attacker can cause corrupted heap memory resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Disclosure: OSVDB Verified

Solution

Upgrade to version 5.5 or higher, as it has been reported to fix this vulnerability. In addition, Microsoft has released a patch for some older versions.

Products

Microsoft Corporation

Internet Explorer

5.0.1 SP4

References

Bugtraq ID: 16516
Secunia Advisory ID: 18729 18912
CVE ID: 2006-0020 (see also: NVD)
SCIP VulDB ID: 2034
CERT VU: 312956
Microsoft Knowledge Base Article: 910620 913333
VUPEN Advisory: ADV-2006-0469
Mail List Post: http://linuxbox.org/pipermail/funsec/2006-January/002828.html
Vendor Specific Advisory URL: http://support.avaya.com/elmodocs2/security/ASA-2006-047.htm
http://www.microsoft.com/technet/security/advisory/913333.mspx
Other Advisory URL: http://vil.nai.com/vil/content/v_138553.htm
News Article: http://www.computerworld.com/securitytopics/security/story/0,10801,108700,00.html
http://www.networkworld.com/news/2006/020806-microsoft-bugs.html
Microsoft Security Bulletin: MS06-004

Credit

H D Moore - hdmmetasploit.com - DigitalOffense

Direct URL: http://osvdb.org/22976