Short Name |
HTTP:MS-WINDOWS-HYPERLINK-BO1 |
---|---|
Severity |
Minor |
Recommended |
No |
Category |
HTTP |
Keywords |
Microsoft Windows Hyperlink Buffer Overflow1 |
Release Date |
2015/10/07 |
Update Number |
2543 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
A buffer overflow exists in the Microsoft Windows system library used to handle hyperlink objects. An unchecked buffer in the Microsoft Object Library is vulnerable to attack when malformed hyperlinks are processed when a user clicks on a hyperlink in a browser or in HTML-rendered email. An attacker who successfully exploits this vulnerability can execute code with the privileges of the currently logged in user. In a simple attack case, the attacker can terminate the application that is using the ActiveX hyperlink library. In a sophisticated attack, he can inject arbitrary code into the target. The behaviour of the target is dependent on the nature of the malicious code. The exploit executes with the privileges of the currently logged in user. If this account has elevated privileges, an attacker may take control of the target system.