TITLE:
Internet Explorer URL Parsing Buffer Overflow Vulnerability

SECUNIA ADVISORY ID:
SA21557

VERIFY ADVISORY:
http://secunia.com/advisories/21557/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
Microsoft Internet Explorer 6.x
http://secunia.com/product/11/

DESCRIPTION:
A vulnerability has been reported in Internet Explorer, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error when processing URLs on a website using HTTP 1.1 and compression. This can be exploited to cause a buffer overflow via an overly long URL.

Successful exploitation allows execution of arbitrary code when a user is e.g. tricked into visiting a malicious website.

The vulnerability affects Internet Explorer 6 SP1 on Windows 2000 and Windows XP SP1 and was introduced by the MS06-042 patches.

SOLUTION:
The vendor recommends disabling the HTTP 1.1 protocol in Internet Explorer (see the vendor's advisory for details).

ORIGINAL ADVISORY:
Microsoft:
http://www.microsoft.com/technet/security/advisory/923762.mspx
http://support.microsoft.com/kb/923762/

OTHER REFERENCES:
US-CERT VU#821156:
http://www.kb.cert.org/vuls/id/821156
