Buffer-Overflow Vulnerability in Microsoft Internet Explorer

vendor:

Internet Explorer

by:

7.5

CVSS

HIGH

Buffer-Overflow

CWE

Product Name: Internet Explorer

Affected Version From:

Affected Version To:

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Windows

Buffer-Overflow Vulnerability in Microsoft Internet Explorer

The vulnerability exists in Microsoft Internet Explorer when rendering VML graphics. Attackers can exploit this vulnerability to execute arbitrary code in the context of the logged-in user, leading to potential remote compromise or denial-of-service conditions.

Mitigation:

Apply the latest security patches from Microsoft. Avoid visiting untrusted websites or clicking on suspicious links.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/25310/info

Microsoft Internet Explorer is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

This issue occurs when rendering VML (Vector Markup Language) graphics.

Attackers can leverage this issue to execute arbitrary code in the context of the currently logged-in user.

Successful attacks may facilitate the remote compromise of affected computers. Failed attacks will likely cause denial-of-service conditions. 

To exploit this issue, an attacker must entice an unsuspecting user to view a malicious HTML document.

A VML document containing the following construct pointing to a malicious compressed image file will trigger this issue:

<v:rect>
<v:imagedata src="http://www.example.com/compressed.emz">
</v:rect>