Microsoft Internet Explorer Error in 'mshtml.dll' in Processing GIF Files Lets Remote Users Crash the Browser
|
|
SecurityTracker Alert ID: 1010827
|
|
SecurityTracker URL: http://securitytracker.com/id?1010827
|
|
CVE Reference: CAN-2003-1048
(Links to External Site)
|
Date: Jul 30 2004
|
Impact: Denial of service via network, Execution of arbitrary code via network, User access via network
|
Exploit Included: Yes
|
Version(s): 6
|
Description: A vulnerability was reported in Microsoft Internet Explorer in 'mshtml.dll' in the processing of GIF files. A remote user can cause the target user's browser to crash.
In September 2003, Marc Ruef reported that a specially crafted GIF file can cause Internet Explorer to crash.
It may be possible to execute arbitrary code, but that was not confirmed in the original report.
|
Impact: A remote user can create a GIF file that, when loaded, will cause the target user's browser to crash or potentially execute arbitrary code [however, arbitrary code execution was not confirmed in the report].
|
Solution: No solution was available at the time of the original report.
|
Vendor URL: www.microsoft.com/technet/security/ (Links to External Site)
|
Cause: Not specified
|
Underlying OS: Windows (Any)
|
Reported By: "Marc Ruef" <maru@scip.ch>
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: 2003-09-02 7:12:10
From: "Marc Ruef" <maru@scip.ch>
Subject: [Full-Disclosure] New Microsoft Internet Explorer mshtml.dll Denial of Service?
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dear List
I was looking for some sources that serve translations of Buce Schneiers well-known \
Crypto-Gram[1]. So I found on the official page the hint, that there are some \
outdated Issues in a german version available.
After clicking in the link that brings me to http://www.galad.com/extras/cg/cg.htm , \
my Internet Explorer 6.0.2800.1106 "encounters a problem and needs to close". After a \
bit of debugging I could determine that the problem must be existing in the library \
mshtml.dll.
I tried to do a small and dirty analysis of the problem. So I fetched the whole page \
that encounters the error, but I couldn't reproduce the program shutdown with the \
offline version. It doesn't matter if I keep the original linking and embedded \
pictures as a link to the original web source.
Then I deactivated the Internet Explorers possibility of showing pictures \
(Tools/Internet Options/Advanced/Show pictures). And now the error message doesn't \
come again. So it seems to me that one of the pictures produce the failure.
Again, I put all the graphics from the named page dedicated into the affected web \
browser (e.g. http://www.galad.com/frame/but0nr.gif ). But once more, I couldn't \
reproduce the error. Perhaps it is an interaction between HTML or JavaScript and a \
picture needed. It is very interesting, that other sub pages (e.g. \
http://www.galad.com/certify/mcse/mcse.htm ) or other browsers (e.g. Netscape \
Communicator 4.x, 6.x, and 7.x) are not affected.
Can somebody help me to figure out the real problem? Or is this an old issue I can't \
recognize?
Sincerely,
Marc Ruef
[1] http://www.counterpane.com/crypto-gram.html
- --
) scip AG (
Technoparkstr. 1
8005 Zürich
T +41 1 445 18 18
F +41 1 445 18 19
maru@scip.ch
www.scip.ch - Publizierung aktuellster IT-Sicherheitsluecken -
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0
iQA/AwUBP1RC+Re5hzJzqVMhEQKmDQCeM66Q8w/UqQBIi5FurZ7HpE6dMKYAmwdG
aNlONsKvfe2L9xezEjl2plJ3
=C9az
-----END PGP SIGNATURE-----
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[Editor's note: The lines in this signed message have been wrapped.]
|
|
