OSVDB ID: 27109

Title: Microsoft IE DXImageTransform.Microsoft.Gradient Multiple Property Overflow

Info

Dates

Disclosure: Jul 17, 2006
Discovery: Unknown
Exploit: Jul 17, 2006
Solution: Unknown

Description

A remote overflow exists in Internet Explorer. A specially crafted HTML page that uses client-side script with the ActiveX object "DXImageTransform.Microsoft.Gradient.1" could cause the browser to crash and potentially lead to arbitrary code execution. This is due to MSIE failing to handle large values in the "StartColorStr" and "EndColorStr" properties of the ActiveX object, resulting in a stack overflow.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service, Input Manipulation
Impact: Loss of Integrity, Loss of Availability
Solution: Solution Unknown
Exploit: Exploit Public

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

Microsoft Corporation

Internet Explorer

6

References

Credit

  • H D Moore - hdmmetasploit.com - DigitalOffense


Direct URL: http://osvdb.org/27109