Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Browsers :: expl5661.htm

Internet Explorer legacy text control buffer overflow
26th Aug 2002 [SBWID-5661]

		Microsoft Internet Explorer legacy text control buffer overflow


		All versions IE


		In  Mark  Litchfield  []  of   NGSSoftware   Insight
		Security Research [] advisory  [#NISR26082002]

		Microsoft® ActiveX® controls, formerly known  as  OLE  controls  or  OCX
		controls, are components (or objects) you can insert into a Web page  or
		other  application  to  reuse  packaged   functionality   someone   else
		programmed. Whether you use an ActiveX control (formerly called  an  OLE
		control) or a Java object, Microsoft Visual Basic Scripting Edition  and
		Microsoft Internet Explorer handle it the same way.




		An unchecked buffer exists  in  the  ActiveX  control  used  to  display
		specially formatted text. This  could  be  executed  by  encouraging  an
		unsuspecting user to visit a malicious  web  page  including  the  below










		<PARAM NAME="Angle" VALUE="90">

		<PARAM NAME="Alignment" VALUE="4">

		<PARAM NAME="BackStyle" VALUE="0">

		<PARAM NAME="Caption" VALUE="long char string">

		<PARAM NAME="FontName" VALUE="NGS Software Font">

		<PARAM NAME="FontSize" VALUE="50">

		<PARAM NAME="FontBold" VALUE="1">

		<PARAM NAME="FrColor" VALUE="0">



		By supplying an overly long value for the "Caption"  parameter  a  saved
		return address stored on the  stack  will  be  overwritten  allowing  an
		attacker to gain control of Internet Explorer's path of  execution.  Any
		arbitary code would execute in the context of the  logged  on  user.  By
		sending the intended targer a specially crafted e-mail  or  by  enticing
		them to a malicious website an attacker will  be  able  to  gain  remote
		control of that users desktop.


		NGSSoftware alerted Microsoft to these problems on the 29th April  2002.
		NGSSoftware highly recommend installing Microsoft Patch found at


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH