Microsoft Internet Explorer HTML conversion library buffer overflow
| ie-html-bo (12444) |  High Risk |
Description:
Microsoft Internet Explorer is vulnerable to a stack-based buffer overflow in the HTML conversion library (html32.cnv). By creating a Web page or file containing malicious script, a remote attacker could overflow a buffer and cause Internet Explorer to crash or possibly execute arbitrary code on the system with privileges of the victim, once the Web page is viewed or the file is opened. An attacker could exploit this vulnerability by hosting the malicious Web page or file on a Web site or by sending it to a victim as an HTML email.
Consequences:
Gain Access
Remedy:
Apply the appropriate patch for your system, as listed in Microsoft Security Bulletin MS03-023. See References.
References:
- BugTraq Mailing List, Mon Jun 23 2003 - 11:43:06 CDT: Re: Internet Explorer >=5.0 : Buffer overflow.
- BugTraq Mailing List, Sat Jun 21 2003 - 19:58:21 CDT : Internet Explorer >=5.0 : Buffer overflow.
- CERT Advisory CA-2003-14: Buffer Overflow in Microsoft Windows HTML Conversion Library.
- CIAC Information Bulletin N-114: Buffer Overrun in Microsoft HTML Converter Could Allow Code Execution.
- Microsoft Knowledge Base Article 823559: MS03-023: Buffer Overrun in the HTML Converter Could Allow Code Execution.
- Microsoft Security Bulletin MS03-023: Buffer Overrun In HTML Converter Could Allow Code Execution (823559).
- BID-8016: Microsoft Windows HTML Converter HR Align Buffer Overflow Vulnerability
- CVE-2003-0469: Buffer overflow in the HTML Converter (HTML32.cnv) on various Windows operating systems allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via cut-and-paste operation, as demonstrated in Internet Explorer 5.0 using a long align argument in an HR tag.
- US-CERT VU#823260: Microsoft Windows HTML conversion library vulnerable to buffer overflow
Platforms Affected:
- Microsoft Internet Explorer 5.0
- Microsoft Internet Explorer 6
- Microsoft Windows 2003 Server
Reported:
Jun 21, 2003
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net