Home page logo

bugtraq logo Bugtraq mailing list archives

[BuHa-Security] Multiple Vulnerabilities in MS IE 6.0 SP2
From: bugtraq () morph3us org
Date: 12 Apr 2006 22:49:30 -0000

Hash: RIPEMD160

Multiple Vulnerabilities in MS IE 6.0 SP2

Recently, I discovered three vulnerabilities in Microsoft Internet
Explorer 6 SP2 with all patches applied. All of these bugs are located
in `mshtml.dll' and are caused by incorrect handling of specially
crafted HTML documents. The severity of the first security issue
(<mshtml.dll>#7d6d2db4) is low because it is a non-exploitable Null
Pointer Dereference vulnerability and leads to DoS. The second
(<mshtml.dll>#7d519030) and third (<mshtml.dll>#7d529d35) vulnerability
are similar and the Microsoft Security Response Center rated them as
critical because, on the face of it, they could produce an exploitable
memory corruption (see HTML Tag Memory Corruption Vulnerability -
CVE-2006-1188) with a variant of my PoC.

To satisfy the request of the Microsoft Security Response Center I'm
going to support further details at a later date..

o Description:

Internet Explorer, abbreviated IE or MSIE, is a proprietary web browser
made by Microsoft and currently available as part of Microsoft Windows.

Visit http://www.microsoft.com/windows/ie/default.mspx or
http://en.wikipedia.org/wiki/Internet_Explorer for detailed information.

o Disclosure Timeline:

xx Feb 06 - Vulnerabilities discovered.
08 Mar 06 - Vendor contacted.
22 Mar 06 - Vendor confirmed vulnerabilities.
11 Apr 06 - Vendor released security update.
12 Apr 06 - First advisory released.

o Solution:

Two of the mentioned vulnerabilities are addressed in the latest
security update for Internet Explorer [2]. I think - this is not an
official statement from the Microsoft Security Response Center - the
third security issue will be fixed in an upcoming service pack release.

o Credits:

Thomas Waldegger <bugtraq () morph3us org>
BuHa-Security Community - http://buha.info/board/

If you have questions, suggestions or criticism about the advisory feel
free to send me a mail. The address 'bugtraq () morph3us org' is more a
spam address than a regular mail address therefore it's possible that
some mails get ignored. Please use the contact details at
http://morph3us.org/ to contact me.

Greets fly out to cyrus-tc, destructor, nait, rhy, trappy and all
members of BuHa.

Advisory online: http://morph3us.org/advisories/20060412-msie6-sp2.txt

[1] http://www.microsoft.com/technet/security/Bulletin/MS06-013.mspx

Version: n/a
Comment: http://morph3us.org/


  By Date           By Thread  

Current thread:
  • [BuHa-Security] Multiple Vulnerabilities in MS IE 6.0 SP2 bugtraq (Apr 13)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]