1. Symantec-Broadcom-Horizontal/
  2. Security Response/
  3. Attack Signatures/
  4. HTTP MSIE Content Type BO

HTTP MSIE Content Type BO

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects a denial of service vulnerability in Microsoft Internet Explorer.

Additional Information

Microsoft Internet Explorer is prone to a denial-of-service vulnerability.

This issue is triggered when an attacker convinces a victim user to visit a malicious website. Specifically, the vulnerability presents itself when the browser processes excessively large 'Content-Type' HTTP response headers consisting of more than approximately 1M bytes. An attacker can trigger a stack-overflow exception.

This crash reportedly occurs due to a flaw in the 'wininet.dll' library.

A successful attack can cause Microsoft Internet Explorer to crash, effectively denying service to legitimate users.

Specific information regarding affected Internet Explorer packages is not currently available. This BID will be updated as further information is disclosed.

Affected

  • Microsoft Internet Explorer 5.0, 5.0.1, 5.0.1 SP1, 5.0.1 SP2, 5.0.1 SP3, 5.0.1 SP4, 5.5, 5.5 SP1, 5.5 SP2, 6.0, 6.0 SP1, 6.0 SP2, 7.0, 7.0 beta2

Response

Ensure that all patches available for Microsoft Internet Explorer have been applied.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube