header-logo
Suggest Exploit
vendor:
Internet Explorer
by:
7.5
CVSS
HIGH
Buffer-Overflow
Buffer-Overflow
CWE
Product Name: Internet Explorer
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested: Windows

Buffer-Overflow Vulnerability in Microsoft Internet Explorer

The vulnerability exists in Microsoft Internet Explorer when rendering VML graphics. Attackers can exploit this vulnerability to execute arbitrary code in the context of the logged-in user, leading to potential remote compromise or denial-of-service conditions.

Mitigation:

Apply the latest security patches from Microsoft. Avoid visiting untrusted websites or clicking on suspicious links.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/25310/info

Microsoft Internet Explorer is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

This issue occurs when rendering VML (Vector Markup Language) graphics.

Attackers can leverage this issue to execute arbitrary code in the context of the currently logged-in user.

Successful attacks may facilitate the remote compromise of affected computers. Failed attacks will likely cause denial-of-service conditions. 

To exploit this issue, an attacker must entice an unsuspecting user to view a malicious HTML document.

A VML document containing the following construct pointing to a malicious compressed image file will trigger this issue:

<v:rect>
<v:imagedata src="http://www.example.com/compressed.emz">
</v:rect>