Microsoft Internet Explorer HTML conversion library buffer overflow
| ie-html-bo (12444) |  High Risk |
Description:
Microsoft Internet Explorer is vulnerable to a stack-based buffer overflow in the HTML conversion library (html32.cnv). By creating a Web page or file containing malicious script, a remote attacker could overflow a buffer and cause Internet Explorer to crash or possibly execute arbitrary code on the system with privileges of the victim, once the Web page is viewed or the file is opened. An attacker could exploit this vulnerability by hosting the malicious Web page or file on a Web site or by sending it to a victim as an HTML email.
Platforms Affected:
- Microsoft, Internet Explorer 5.0
- Microsoft, Internet Explorer 6
- Microsoft, Windows 2003 Server
Remedy:
Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS03-023. See References.
Consequences:
Gain Access
References:
- BugTraq Mailing List, Mon Jun 23 2003 - 11:43:06 CDT, Re: Internet Explorer >=5.0 : Buffer overflow at http://archives.neohapsis.com/archives/bugtraq/2003-06/0198.html.
- BugTraq Mailing List, Sat Jun 21 2003 - 19:58:21 CDT , Internet Explorer >=5.0 : Buffer overflow at http://archives.neohapsis.com/archives/bugtraq/2003-06/0173.html.
- CERT Advisory CA-2003-14, Buffer Overflow in Microsoft Windows HTML Conversion Library at http://www.cert.org/advisories/CA-2003-14.html.
- CIAC Information Bulletin N-114, Buffer Overrun in Microsoft HTML Converter Could Allow Code Execution at http://www.ciac.org/ciac/bulletins/n-114.shtml.
- Microsoft Knowledge Base Article 823559, MS03-023: Buffer Overrun in the HTML Converter Could Allow Code Execution at http://support.microsoft.com/default.aspx?scid=kb;en-us;823559.
- Microsoft Security Bulletin MS03-023, Buffer Overrun In HTML Converter Could Allow Code Execution (823559) at http://www.microsoft.com/technet/security/bulletin/ms03-023.mspx.
- BID-8016: Microsoft Windows HTML Converter HR Align Buffer Overflow Vulnerability
- CVE-2003-0469: Buffer overflow in the HTML Converter (HTML32.cnv) on various Windows operating systems allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via cut-and-paste operation, as demonstrated in Internet Explorer 5.0 using a long align argument in an HR tag.
- US-CERT VU#823260: Microsoft Windows HTML conversion library vulnerable to buffer overflow
Reported:
Jun 21, 2003
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.
For corrections or additions please email xforce@iss.net