1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP MS IE Style Tag Cmt Mem Corruption

HTTP MS IE Style Tag Cmt Mem Corruption

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attemps to exploit a weakness in the Internet Explorer CSS parser, which allows an attacker to issue a denial-of-service attack on the target host and possibly allows the attacker to execute arbitrary code.

Additional Information

A heap overflow vulnerability has been discovered in Internet Explorer. It is reported that the issue presents itself when a comment character sequence that is not terminated is encountered after a STYLE tag.

It is reported that Internet Explorer will, under proper circumstances, compute the length of a comment string by subtracting a pointer to the terminator "*/" sequence of a comment from a pointer to the opening sequence "/*" of a comment. The result is used as a boundary check during a memcpy() operation performed on the comment string.

It is reported that if the comment is not closed with a terminator "*/" sequence, the algorithm used to derive the length of the comment string will result in a -2 Unicode string length. The memcpy() function will employ this value as 0xFFFFFFFE, and the size of this copy operation will result in a crash when a memory access violation occurs.

This issue could be exploited by a remote attacker to execute arbitrary code or cause a denial-of-service. The attacker would likely create a malicious HTML page and host it on a site. The attacker would then attempt to entice a user to visit the malicious page to carry out a successful attack. Other attack vectors may also exist, such as HTML email or other system components that support Cascading Style Sheets.

Affected

  • Avaya DefinityOne Media Servers
  • Avaya IP600 Media Servers
  • Avaya Modular Messaging (MSS) 1.1, 2.0
  • Avaya S3400 Message Application Server
  • Avaya S8100 Media Servers
  • Microsoft Internet Explorer 5.0, 5.0.1, 5.0.1 SP1, 5.0.1 SP2, 5.0.1 SP3, 5.0.1 SP4, 5.5, 5.5 SP1, 5.5 SP2, 6.0, 6.0 SP1

Response

Microsoft has released a cumulative update for supported versions of Internet Explorer to address this and other vulnerabilities.

Avaya has released an advisory that acknowledges this vulnerability for Avaya products. Customers are advised to follow Microsoft's guidance for applying patches. See the referenced Avaya advisory at the following location for further details:

http://support.avaya.com/japple/css/japple?temp.groupID=128450&temp.selectedFamily=128451&temp.selectedProduct=154235&temp.selectedBucket=126655&temp.feedbackState=askForFeedback&temp.documentID=203487&PAGE=avaya.css.CSSLvl1Detail&executeTransaction=avaya.css.UsageUpdate()


Microsoft Internet Explorer 5.0.1 SP3:
Microsoft Upgrade Cumulative Security Update for Internet Explorer 5.01 for Windows 2000 Service Pack 3 (KB834707)

Microsoft Internet Explorer 5.0.1 SP4:
Microsoft Upgrade Cumulative Security Update for Internet Explorer 5.01 for Windows 2000 Service Pack 4 (KB834707)

Microsoft Internet Explorer 5.5 SP2:
Microsoft Upgrade Cumulative Security Update for Internet Explorer 5.5 Service Pack 2 (KB834707) - English

Microsoft Internet Explorer 6.0:
Microsoft Upgrade Cumulative Security Update for Internet Explorer 6 (KB834707)
Microsoft Upgrade Cumulative Security Update for Internet Explorer for Windows Server 2003 (KB834707)
Microsoft Upgrade Cumulative Security Update for Internet Explorer for Windows Server 2003 64-bit Edition (KB834707)

Microsoft Internet Explorer 6.0 SP1:
Microsoft Upgrade Cumulative Security Update for Internet Explorer 6 Service Pack 1 for Windows XP and Windows 2000 (
Microsoft Upgrade Cumulative Security Update for Internet Explorer 6 Service Pack 1 for Windows 98, Windows NT and Wi
Microsoft Upgrade Cumulative Security Update for Internet Explorer 6 SP1 64-bit Edition (KB834707)
Microsoft Upgrade Cumulative Security Update for Internet Explorer for Windows Server 2003 (KB834707)
Microsoft Upgrade Cumulative Security Update for Internet Explorer for Windows Server 2003 64-bit Edition (KB834707)

  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube