Signature Detail
Short Name |
HTTP:STC:IE:OBJECT-OF |
|---|---|
Severity |
Medium |
Recommended |
No |
Category |
HTTP |
Keywords |
Internet Explorer OBJECT Tag Buffer Overflow |
Release Date |
2003/10/15 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Internet Explorer OBJECT Tag Buffer Overflow
This signature detects attempts to exploit a known vulnerability in Microsoft Internet Explorer 6.0 SP1 and earlier. Attackers can send malicious HTTP data to a target; when the target downloads the malicious Web page or connects to the malicious Web server, the attacker can execute arbitrary commands on the target host.
Extended Description
Microsoft Internet Explorer is prone to a boundary condition error when handling OBJECT tags in web pages. When a web page containing an OBJECT tag using a parameter containing excessive data is encountered by a vulnerable client, a internal memory buffer will be overrun. This could cause Internet Explorer to fail or potentially result in the execution arbitrary code in the security context of the current user.
Affected Products
- Microsoft Internet Explorer 5.0.1
- Microsoft Internet Explorer 5.0.1 SP1
- Microsoft Internet Explorer 5.0.1 SP2
- Microsoft Internet Explorer 5.0.1 SP3
- Microsoft Internet Explorer 5.5
- Microsoft Internet Explorer 5.5 SP1
- Microsoft Internet Explorer 5.5 SP2
- Microsoft Internet Explorer 6.0
- Microsoft Internet Explorer 6.0 SP1
References
- BugTraq: 7806
- CVE: CVE-2003-0344
- URL: http://www.microsoft.com/technet/security/bulletin/MS03-020.mspx