TUCoPS :: Browsers :: expl5173.htm

Internet Explorer remote buffer overflow
8th Mar 2002 [SBWID-5173]

	Internet Explorer remote buffer overflow


	IE 4 and above All Outlook html enbaled reders


	Microsoft [http://www.microsoft.com] said :

	An unchecked buffer exists in one of the functions that helps to  locate
	incompletely removed applications on the system.


	A successful attack would have the affect of either causing the  Windows
	Shell to crash, or causing code to run in the user\'s context.


	By default, this  is  not  remotely  exploitable.  However,  under  very
	unusual conditions, it could be exploited via a web page.

	This exploit was originally found  by  eeye  [http://www.eeye.com],  who
	has posted an advisory regarding this.




	Install AOL Instant messenger,  aim://  is  now  a  valid  url  handler,
	deinstall AIM and type in  your  web  browser  aim://<big  buffer>  :
	microsoft shell crash.


	Follow link below to get the patch :



TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH