11-04-2004, 06:58 AM   #1
mimo2005 (Manager, The Relaxation Room/Analyst, Security Team)

Internet Explorer IFRAME Buffer Overflow Vulnerability SP1

Internet Explorer IFRAME Buffer Overflow Vulnerability


Secunia Advisory: SA12959
Release Date: 2004-11-02
Last Update: 2004-11-04

Critical: Extremely critical
Impact: System access
Where: From remote
Solution Status: Unpatched

Software: Microsoft Internet Explorer 6

Description:
A vulnerability has been reported in Internet Explorer, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error in the handling of certain attributes in the <IFRAME> HTML tag. This can be exploited to cause a buffer overflow via a malicious HTML document containing overly long strings in the "SRC" and "NAME" attributes of the <IFRAME> tag.

Successful exploitation allows execution of arbitrary code.

The vulnerability has been confirmed in the following versions:
* Internet Explorer 6.0 on Windows XP SP1 (fully patched).
* Internet Explorer 6.0 on Windows 2000 (fully patched).

NOTE: This advisory has been rated "Extremely critical" as a working exploit has been published on public mailing lists.

Solution:
The vulnerability does not affect systems running Windows XP with SP2 installed.
Use another product.
11-26-2004, 07:22 PM   #2
mimo2005 (Manager, The Relaxation Room/Analyst, Security Team)

IFRAME flaw

Government says Finnish with IE 6


Dan Ilett
ZDNet UK
November 26, 2004, 13:35 GMT


While the world waits for Microsoft to issue a patch for the IFRAME flaw, Finnish authorities have advised their people to avoid using Internet Explorer






A government agency in Finland is urging the country's citizens to avoid use of Internet Explorer until Microsoft has patched the Bofra vulnerability.


The Finnish Communications Regulatory Authority (FICORA) said users should adopt a different browser as it issued a high-risk warning over the Bofra vulnerability, for which an exploit was released within a few days of publication.


"We've advised the Finnish people to avoid use of Internet Explorer until a patch is released," said Arsi Heinonen, information security advisor for FICORA. "[The vulnerability] is widely exploited and there's some malicious software for it. It's a high risk we think. If people can use another browser until the patch is released, that's good."


The Bofra exploit – also known as the IFRAME exploit – was used this week to infect computers through banner ads. The exploit directed users to other Web sites and downloaded malicious code to their machines.


Microsoft has yet to announce when it will release a patch for the vulnerability, which was published at the beginning of November.


The vulnerability is said not to affect computers running Windows XP SP2, but can disrupt those with Windows 2000 and XP SP1.


At the beginning of this month, the National Infrastructure Security Co-ordination Centre (NISCC) advised users to take immediate action on the flaw. It said to take measures that included applying the patch for the flaw when it becomes available, to install SP2 and to keep antivirus software up to date.