exploits , vulnerabilities , articles , Microsoft Internet Explorer MSHTML.DLL CSS Handling Remote Buffer Overflow Vulnerability

Title	Microsoft Internet Explorer MSHTML.DLL CSS Handling Remote Buffer Overflow Vulnerability
Published	2005-03-09-12:00AM
Updated	2005-03-09-08:32PM
Class	Boundary Condition Error
CVE	CVE-MAP-NOMATCH
Remote	Yes
Local	No
Credit	Discovery is credited to <mansooor_1001@hotmail.com>.
Vulnerable	Microsoft Internet Explorer 6.0 SP2 Microsoft Internet Explorer 6.0 SP1 Microsoft Internet Explorer 6.0 Microsoft Windows 2000 Advanced Server Microsoft Windows 2000 Advanced Server SP1 Microsoft Windows 2000 Advanced Server SP2 Microsoft Windows 2000 Datacenter Server Microsoft Windows 2000 Datacenter Server SP1 Microsoft Windows 2000 Datacenter Server SP2 Microsoft Windows 2000 Professional Microsoft Windows 2000 Professional SP1 Microsoft Windows 2000 Professional SP2 Microsoft Windows 2000 Server Microsoft Windows 2000 Server SP1 Microsoft Windows 2000 Server SP2 Microsoft Windows 2000 Terminal Services Microsoft Windows 2000 Terminal Services SP1 Microsoft Windows 2000 Terminal Services SP2 Microsoft Windows 98 Microsoft Windows 98SE Microsoft Windows ME Microsoft Windows NT Enterprise Server 4.0 SP6a Microsoft Windows NT Server 4.0 SP6a Microsoft Windows NT Workstation 4.0 SP6a Microsoft Windows Server 2003 Datacenter Edition Microsoft Windows Server 2003 Datacenter Edition 64bit Microsoft Windows Server 2003 Enterprise Edition Microsoft Windows Server 2003 Enterprise Edition 64bit Microsoft Windows Server 2003 Standard Edition Microsoft Windows Server 2003 Web Edition Microsoft Windows XP Home Microsoft Windows XP Professional
Not Vulnerable
Code	The following exploit creates a malformed CSS file that can be included in an HTML document to trigger this issue: /data/vulnerabilities/exploits/ie_css_bof.c
TXT

Vulnerabilities - newest 10 RSS | More

• 2008-12-01 SystemImager Flamethrower Insecure Temporary File Creation Vulnerabilities
• 2008-12-01 Rumpus FTP Server Command Argument Remote Buffer Overflow Vulnerability
• 2008-12-01 Rumpus FTP Server HTTP Command Remote Denial of Service Vulnerability
• 2008-11-29 Multiple ActiveWebSoftwares Products Login Parameters SQL Injection Vulnerabilities
• 2008-11-29 Venalsur Booking Centre Multiple Cross-Site Scripting Vulnerabilities
• 2008-11-28 ReVou Login SQL Injection Vulnerability
• 2008-11-28 Web Calendar System SQL Injection and Cross Site Scripting Vulnerabilities
• 2008-11-28 SailPlanner Login SQL Injection Vulnerability
• 2008-11-28 Livio.net WEB Calendar Cross Site Scripting and Multiple SQL Injection Vulnerabilities
• 2008-11-28 Subtext Anchor Tags HTML Injection Vulnerability

• Vulnerabilities
• Exploits
• News
• Articles

Copyright 2007, SecurityDot
Tue, 02 Dec 2008 05:06:21 +0000