|
Microsoft Internet Explorer5.01 EMBED tag Long File Name Extension Stack Buffer OverflowVulnerabilit |
|
|
|
Por Marcelo Almeida (Vympel)
|
|
09 de dezembro de 2008 |
|
A iDEFENSE, publicou um alerta de segurança que afeta o Internet Explorer 5.01 até o 6.
Dependendo da versão do sistema operacional, esta falha pode gerar, desde um fechamento inesperado do browser ou até uma execução de comandos arbitrários.
Abaixo segue uma cópia do aviso original...
I. BACKGROUND
Internet Explorer is a graphical web browser developed by
Microsoft
Corp. that has been included with Microsoft Windows since 1995.
For
more information about Internet Explorer, please the visit
following
website: http://www.microsoft.com/ie/
II.
DESCRIPTION
Remote exploitation of a stack buffer overflow vulnerability
while
handling specific HTML tags in Microsoft Corp.'s Internet Explorer
web
browser allows attackers to execute arbitrary code within the
context
of the affected user.
On Internet Explorer 5.01 a function
return address can be overwritten
with attacker controlled data which results
in an exploitable
condition. However on Internet Explorer 6 the vulnerability
will only
overflow one byte. For Internet Explorer 6 on Windows 2000
platform,
the overflowed byte is in a local variable, and overwriting it
doesn't
affect program execution at all. For Internet Explorer 6 on Windows
XP
SP2, the overflowed byte is in the stack cookie, which causes
Internet
Explorer to terminate and only results in a denial of
service.
III. ANALYSIS
Successful exploitation of this
vulnerability would allow an attacker to
execute arbitrary code in the
context of the user running the Internet
Explorer. However, the execution of
arbitrary code is only possible on
Windows 2000 SP4 running Internet Explorer
5.01.
Exploitation would require an attacker to persuade a user to visit
a
malicious website using Internet Explorer.
IV. DETECTION
As
of September 2008, iDefense confirms that Internet Explorer 5.01 on
Windows
2000 SP4, is vulnerable. It also causes denial of service for
Internet
Explorer 6 on Windows XP SP2. Internet Explorer 7 is not
affected.
V.
WORKAROUND
iDefense is not aware of any effective workaround for this
issue.
Customers are encouraged to upgrade Internet Explorer to version 6
or
above.
VI. VENDOR RESPONSE
Microsoft has released a patch
which addresses this issue. For more
information, consult their advisory at
the following URL.
http://www.microsoft.com/technet/security/bulletin/ms08-073.mspx
Microsoft
recommends that customers apply the update immediately.
VII. CVE
INFORMATION
The Common Vulnerabilities and Exposures (CVE) project has
assigned the
name CVE-2008-4261 to this issue. This is a candidate for
inclusion in
the CVE list (http://cve.mitre.org/), which standardizes
names for
security problems.
VIII. DISCLOSURE
TIMELINE
08/26/2008 Initial Vendor Notification
08/26/2008 Initial
Vendor Reply
09/24/2008 Additional Vendor Feedback
12/02/2008 Additional
Vendor Feedback
12/09/2008 Coordinated Public Disclosure
IX.
CREDIT
This vulnerability was discovered by Jun Mao of iDefense
Labs.
Get paid for vulnerability research
http://labs.idefense.com/methodology/vulnerability/vcp.php
Free
tools, research and upcoming events
http://labs.idefense.com/
Aviso original:
http://labs.idefense.com/intelligence/vulnerabilities/
|
