[SA11868] Internet Explorer File Download Error Message Denial of Service Weakness
From: Secunia Security Advisories (sec-adv secunia.com)
Date: Wed Jun 16 2004 - 07:24:22 CDT
TITLE:
Internet Explorer File Download Error Message Denial of Service
Weakness
SECUNIA ADVISORY ID:
SA11868
VERIFY ADVISORY:
http://secunia.com/advisories/11868/
CRITICAL:
Not critical
IMPACT:
DoS
WHERE:
From remote
SOFTWARE:
Microsoft Internet Explorer 6
DESCRIPTION:
Rafel Ivgi has discovered a weakness in Internet Explorer (IE),
allowing malicious people to crash a user's browser.
Analysis indicates that the issue is caused by an error during the
construction of a file download error message dialog box like the
following:
"Internet Explorer cannot download [file] from [server]"
It is possible to trigger the issue via a specially crafted link
like:
<a href=::%7>Link</a>
This causes an incorrect pointer to be passed as an argument in a
call to "_snwprintf()" instead of the correct pointer to the string:
"[file] from [server]". This may result in an access violation if
the pointer refers to an inaccessible memory location, which varies
depending on the supplied value after the "%" character.
The problem has been confirmed on a fully patched system with IE 6.0.
Other versions may also be affected.
Successful exploitation crashes the browser if a user is tricked
into right-clicking the link and choosing "Save Target As...". It is
currently not believed that this issue can be exploited for code
execution purposes.
NOTE: Secunia would normally not classify a browser crash as a
vulnerability nor issue an advisory about it. However, the potential
risk of this issue being more severe than currently believed
justified issuing an advisory.
SOLUTION:
Don't follow untrusted links nor use the "Save Target As..." feature
on them.
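As an added illustration (not part of the Secunia advisory), a mail gateway or web proxy can flag links of the kind shown above before a user reaches them. The sketch assumes the distinguishing feature is a "%" that is not followed by two hex digits, as in the sample link; the names HrefAuditor and audit_links and the sample HTML are constructed for this example.

```python
import re
from html.parser import HTMLParser

# A '%' not followed by exactly two hex digits is not a valid
# percent-escape (RFC 3986, section 2.1). Assumption: this is the
# property that makes the advisory's sample link unusual.
BAD_ESCAPE = re.compile(r"%(?![0-9A-Fa-f]{2})")


class HrefAuditor(HTMLParser):
    """Collects href values that contain a malformed percent-escape."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []  # (line number, tag name, raw href)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            # Quoted and unquoted attribute values both arrive here.
            if name == "href" and value and BAD_ESCAPE.search(value):
                line, _col = self.getpos()
                self.findings.append((line, tag, value))


def audit_links(html_text):
    """Return a list of (line, tag, href) for suspicious links."""
    auditor = HrefAuditor()
    auditor.feed(html_text)
    auditor.close()
    return auditor.findings


# Constructed sample page: two well-formed links, the advisory's
# sample link, and one link with a trailing bare '%'.
SAMPLE = """<html><body>
<a href="http://example.com/a%20b.zip">ok</a>
<a href=::%7>Link</a>
<a href="/files/report%7E1.doc">ok</a>
<a href="/dl?name=100%">odd</a>
</body></html>"""

if __name__ == "__main__":
    for line, tag, href in audit_links(SAMPLE):
        print(f"line {line}: <{tag}> href with malformed escape: {href!r}")
```

A bare "%" also appears in harmless but sloppy URLs, so hits are better logged or rewritten than blocked outright.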
PROVIDED AND/OR DISCOVERED BY:
Rafel Ivgi
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keep their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------