Info

Disclosure

Mar 16, 2006

Discovery

Unknown

Dates

Exploit

Mar 16, 2006

Solution

Unknown

Description

Remote overflow exists in Microsoft Internet Explorer. The product fails to properly check bounds for handling HTML tags with multiple event handlers resulting in a buffer overflow. With a specially crafted HTML document, an attacker can cause affected web browsers to crash or remote code execution resulting in a loss of integrity, and/or availability.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service, Input Manipulation
Impact: Loss of Integrity, Loss of Availability
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

Microsoft Corporation	Internet Explorer	6.0 SP2
		7.0 beta 2
		7.0 beta 1

References

Security Tracker: 1015794
Bugtraq ID: 17131
Secunia Advisory ID: 18957 19269
CVE ID: 2006-1245 (see also: NVD)
SCIP VulDB ID: 2089
ISS X-Force ID: 25292
Microsoft Knowledge Base Article: 912812
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-03/0303.html
http://archives.neohapsis.com/archives/bugtraq/2006-03/0304.html
http://archives.neohapsis.com/archives/bugtraq/2006-03/0310.html
http://archives.neohapsis.com/archives/bugtraq/2006-03/0325.html
http://archives.neohapsis.com/archives/bugtraq/2006-12/0048.html
Generic Exploit URL: http://lcamtuf.coredump.cx/iedie.html
Other Solution URL: http://snort.org/rules/advisories/ie-issue-js-v2.txt
Microsoft Security Bulletin: MS06-013

Credit

Michal Zalewski - lcamtufdione.ids.pl - Personal page

Direct URL: http://osvdb.org/23964

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Microsoft Corporation

Internet Explorer

References

Credit