Reported April 23, 2003, by Microsoft.

 

 

VERSIONS AFFECTED

 

  • Microsoft Internet Explorer (IE) 6.0, 5.5, and 5.01

 

DESCRIPTION

 

Internet Explorer (IE) 6.0, 5.5, and 5.01 contain four newly discovered vulnerabilities, the most serious of which can result in the execution of arbitrary code on the vulnerable system. These four new vulnerabilities consist of the following:

  • A buffer-overrun vulnerability in urlmon.dll occurs because IE doesn't correctly check the parameters of information it receives from a Web server. A user simply visiting an attacker’s Web site could permit the attacker to exploit the vulnerability without any other user action.

  • A vulnerability in IE's file-upload control permits input from a script to be passed to the upload control. This vulnerability can allow an attacker to supply a filename to the file-upload control and automatically upload a file from the user’s system to a Web server.

  • When rendering third-party file types, IE doesn't properly check parameters passed to it. An attacker can create a specially formed URL that injects script code during the rendering of a third-party file format and causes the script to execute in the user's security context.

  • Because it doesn't properly check an input parameter, IE contains a flaw in the way it treats modal dialogs. This flaw can permit an attacker to use an injected script to gain access to files stored on a user’s computer. Although the vulnerability can be exploited without any other user action once a user visits the attacker’s Web site, the attacker can't force the user to visit the Web site.

 

VENDOR RESPONSE

 

Microsoft has released Security Bulletin MS03-015, "Cumulative Patch for Internet Explorer (813489)," to address these vulnerabilities and recommends that affected users immediately apply the appropriate patch mentioned in the bulletin.

 

CREDIT

Discovered by Mark Litchfield of Next Generation Security Software Ltd., Andreas Sandblad, and Jouko Pynnönen of Oy Online Solutions Ltd.