Info

Disclosure

Sep 07, 2003

Discovery

Unknown

Dates

Exploit

Sep 07, 2003

Solution

Unknown

Description

Microsoft Internet Explorer contains a flaw that may allow a malicious user to execute arbitary commands on a user's system. The issue is triggered when a user accesses a maliciously crafted HTML page. It is possible that the flaw may allow execution of arbitary commands resulting in a loss of confidentiality, integrity, and/or availability.

Classification

Location: Remote / Network Access, Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Microsoft has released a patch to address this issue. Additionally, it is possible to correct the flaw by implementing the following workaround(s): Disable execution of activeX controls

Products

Microsoft Corporation	Internet Explorer	6.0
		5.x
		6.0 SP1

References

ISS X-Force ID: 13314
CVE ID: 2003-0838 (see also: NVD)
Bugtraq ID: 8556
Keyword: aolfix.exe different vulnerability than CAN-2003-0532 QHosts Trojan horse QHosts-1 Trojan.Qhosts VBS.QHOSTS
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2003-09/0107.html
Generic Exploit URL: http://www.malware.com/badnews.html
Microsoft Security Bulletin: MS03-040
CIAC Advisory: n-135 o-002

Credit

http-equiv - http-equivexcite.com -

Direct URL: http://osvdb.org/7872

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Microsoft Corporation

Internet Explorer

References

Credit