SecurityTracker.com

Category:  Application (Web Browser)  >  Microsoft Internet Explorer (IE)
Vendors:  Microsoft
Microsoft Internet Explorer Object Tag Flaw Lets Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1007537
CVE Reference:  CAN-2002-0532
Date:  Aug 20 2003
Impact:  Execution of arbitrary code via network, User access via network
Fix Available:  Yes   Vendor Confirmed:  Yes  
Version(s): 5.01, 5.5, 6.0
Description:  A vulnerability was reported in Microsoft Internet Explorer (IE) in the processing of a certain object type. A remote user can cause arbitrary code to be executed on the target user's computer.

It is reported that IE does not properly determine an object type returned from a web server. A remote user can create HTML that, when loaded, will cause arbitrary code to be executed on a target user's system. According to the report, IE does not properly validate a certain parameter in an HTTP response. The response can point to a specific type of file to cause an object to be scripted and executed.

Microsoft credits eEye Digital Security with reporting this flaw.

Impact:  A remote user can create HTML that, when loaded, will cause arbitrary code to be executed on the target user's computer with the privileges of the target user.
Solution:  Microsoft has issued the following cumulative patch.

For all versions except Microsoft Internet Explorer 6.0 for Windows Server 2003:

http://www.microsoft.com/windows/ie/downloads/critical/822925/default.asp

For Microsoft Internet Explorer 6.0 for Windows Server 2003:

http://www.microsoft.com/windows/ie/downloads/critical/822925s/default.asp

The appropriate patch can be installed on IE 5.01 running on Windows 2000 systems with SP3 or SP4 installed, IE 5.5 SP2, IE 6.0 Gold, and IE 6.0 SP1.

This patch will reportedly be included in Windows XP SP2 and Windows Server 2003 SP1.

A reboot is required after installing this patch.

This patch supersedes the one reported in MS03-020.

See the vendor advisory for some important caveats regarding the HTML Help feature.

Microsoft plans to issue Knowledge Base article 822925 regarding this issue, to be available shortly on the Microsoft Online Support web site:

http://support.microsoft.com/default.aspx?scid=kb;en-us;822925

Vendor URL:  www.microsoft.com/technet/security/bulletin/MS03-032.asp
Cause:  Input validation error, State error
Underlying OS:  Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Sep 8 2003 (Patch is Incomplete - Product is Still Vulnerable) Re: Microsoft Internet Explorer Object Tag Flaw Lets Remote Users Execute Arbitrary Code   ("http-equiv@excite.com" <1@malware.com>)
The patch does not fully correct the flaw. IE is still vulnerable.
Oct 4 2003 (Microsoft Issues Revised Fix to Correct Two Variants) Microsoft Internet Explorer Object Tag Flaw Lets Remote Users Execute Arbitrary Code   (secnotif@microsoft.com)
The vendor has released a revised fix to correct two variations of the original flaw. However, another report indicates that the fix is still flawed.
Oct 8 2003 (MS03-040 Still Vulnerable) Re: Microsoft Internet Explorer Object Tag Flaw Lets Remote Users Execute Arbitrary Code   ("Mindwarper *" <mindwarper@linuxmail.org>)
The fix provided by MS03-040 does not correct all aspects of the vulnerability.



 Source Message Contents

Date:  Wed, 20 Aug 2003 14:20:57 -0400
Subject:  http://www.microsoft.com/technet/security/bulletin/MS03-032.asp

 

Microsoft Security Bulletin MS03-032

Cumulative Patch for Internet Explorer (822925)

Originally posted: August 20, 2003

Maximum Severity Rating: Critical

Affected Versions:

         * Microsoft Internet Explorer 5.01
         * Microsoft Internet Explorer 5.5
         * Microsoft Internet Explorer 6.0
         * Microsoft Internet Explorer 6.0 for Windows Server 2003

CVE:  CAN-2003-0530, CAN-2003-0531, CAN-2002-0532

Two vulnerabilities were reported in Microsoft Internet Explorer (IE).  A remote user can 
cause arbitrary code to be executed on a target user's system.

It is reported that a flaw in the IE cross-domain security model may allow a remote user 
to cause scripting code to be executed in the My Computer zone (CVE CAN-2003-0531).  A 
remote user can create HTML that, when loaded by the target user, will trigger the flaw. 
The flaw reportedly involves the method that IE uses to load files from the browser cache.

A remote user can exploit this flaw to execute existing files on the system or to view 
arbitrary files on the system.

Microsoft credits Yu-Arai of LAC for reporting this flaw.

It is also reported that IE does not properly determine an object type returned from a web 
server (CAN-2002-0532).  A remote user can create HTML that, when loaded, will cause 
arbitrary code to be executed on a target user's system.  According to the report, IE does 
not properly validate a certain parameter in an HTTP response.  The response can point to a 
specific type of file to cause an object to be scripted and executed.

Microsoft credits eEye Digital Security with reporting this flaw.

It is also reported that the CR549.DLL ActiveX control contains a security vulnerability 
(CAN-2003-0530). This obsolete control supports the Windows Reporting Tool, which is no 
longer supported by IE.  The control contains a buffer overflow that may allow remote 
users to execute arbitrary code on the target user's system when the target user loads 
malicious HTML.

Microsoft credits Greg Jones from KPMG UK for reporting this flaw.



Microsoft has issued a cumulative patch.

For all versions except Microsoft Internet Explorer 6.0 for Windows Server 2003:

http://www.microsoft.com/windows/ie/downloads/critical/822925/default.asp

For Microsoft Internet Explorer 6.0 for Windows Server 2003:

http://www.microsoft.com/windows/ie/downloads/critical/822925s/default.asp

The appropriate patch can be installed on IE 5.01 running on Windows 2000 systems with SP3 
or SP4 installed, IE 5.5 SP2, IE 6.0 Gold, and IE 6.0 SP1.

This patch will reportedly be included in Windows XP SP2 and Windows Server 2003 SP1.

A reboot is required after installing this patch.

This patch supersedes the one reported in MS03-020.

See the vendor advisory for some important caveats regarding the HTML Help feature.

Microsoft plans to issue Knowledge Base article 822925 regarding this issue, to be 
available shortly on the Microsoft Online Support web site:

http://support.microsoft.com/default.aspx?scid=kb;en-us;822925





 



Copyright 2003, SecurityGlobal.net LLC