header-logo
Suggest Exploit
vendor:
Internet Explorer
by:
SecurityFocus
7.5
CVSS
HIGH
Internet Explorer Object Type Handling Vulnerability
94
CWE
Product Name: Internet Explorer
Affected Version From: Internet Explorer 5.01
Affected Version To: Internet Explorer 6.0
Patch Exists: YES
Related CWE: CVE-2003-0352
CPE: a:microsoft:internet_explorer
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2003

Internet Explorer Object Type Handling Vulnerability

Internet Explorer does not properly handle object types when rendering XML based web sites, which may result in the possibility of the execution of malicious software. The problem occurs when Internet Explorer receives a response from the server when a malicious XML web page containing an embedded object tag is parsed. Successful exploitation of this vulnerability could allow a malicious object to be trusted and as such be installed and executed on the local system. The Mindwarper exploit is actually reported to exploit one of the issues in BID 8577, which has not been addressed by the patches provided in MS03-040.

Mitigation:

Microsoft has released a patch to address this issue.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/8565/info

Internet Explorer does not properly handle object types, when rendering XML based web sites. This may result in the possibility of the execution of malicious software.

The problem occurs when Internet Explorer receives a response from the server when a malicious XML web page containing an embedded object tag is parsed. Successful exploitation of this vulnerability could allow a malicious object to be trusted and as such be installed and executed on the local system.

The Mindwarper exploit is actually reported to exploit one of the issues in BID 8577, which has not been addressed by the patches provided in MS03-040. 

<span datasrc="#oExec" datafld="exploit" dataformatas="html"></span> <xml id="oExec"> <security> <exploit> <![CDATA[ <object id="oFile" data="badnews.php"></object> ]]&gt; </exploit> </security> </xml>

Navigation

Suggest Exploit

Services By CQR