Signature Detail

HTTP: Internet Explorer mshtml.dll Buffer Overflow

This signature detects attempts to exploit a known vulnerability against the Microsoft Internet Explorer mshtml.dll file, a shared library for parsing HTML. Attackers can host a Web site that contains malicious code to compromise the computers of IE users that access it.

Extended Description

Due to a flaw in IE's implementation of an HTML directive, it is possible for a remote attacker to execute arbitrary code on a user's system. MSIE supports a directive to embed document files in webpages. A buffer overflow condition exists in this feature that may allow for remote attackers to execute arbitrary code on client systems. This vulnerability may be exploited to execute arbitrary code through a maliciously constructed webpage or HTML email. Any arbitary code will be executed within the security context of the user running the client. Successful exploitation of this issue could result in a compromise of the host.

Affected Products

• Microsoft Internet Explorer 5.0.1
• Microsoft Internet Explorer 5.0.1 SP1
• Microsoft Internet Explorer 5.0.1 SP2
• Microsoft Internet Explorer 5.5
• Microsoft Internet Explorer 5.5 SP1
• Microsoft Internet Explorer 5.5 SP2
• Microsoft Internet Explorer 6.0

References

• BugTraq: 4080
• CERT: CA-2002-04
• CVE: CVE-2002-0022
• URL: http://securityvulns.com/news1782.html
• URL: http://www.security.nnov.ru/search/document.asp?docid=2500