
HTTP MSIE IsComponentInstalled BO

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a buffer overflow condition in Microsoft Internet Explorer using the IsComponentInstalled method.

Additional Information

Microsoft Internet Explorer supports the 'IsComponentInstalled()' method to report if a particular component is installed. It accepts 'sID', 'sIDType', and 'sMinVersion' as arguments and returns a value of 'true' or 'false'.

The 'IsComponentInstalled()' method is prone to a buffer overflow condition. Specifically, data supplied to the 'sID' argument is not adequately bounds checked, resulting in an overrun of stack-based memory. A successful exploit results in arbitrary code execution in the context of the user that invoked Internet Explorer.

This issue was reportedly addressed in Windows 2000 SP4 and Windows XP SP1; however, this has not been confirmed.

Internet Explorer 6 is vulnerable to this issue; earlier versions may also be affected.
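The following is an added example, not Symantec's signature logic: a static check over page content that flags 'IsComponentInstalled()' calls whose 'sID' argument is an oversized string literal or cannot be measured because it is built at run time. The 64-character limit, the `caps` object name and the sample lines are assumptions constructed for illustration.

```python
import re

# Assumed threshold, not from the advisory: a braced GUID component ID is
# 38 characters, so a much longer sID literal is not a plausible identifier.
MAX_SID_LEN = 64

# First argument: a quoted literal (groups 1-2) or a bare expression (group 3).
# IGNORECASE covers VBScript callers, which are not case-sensitive.
CALL_RE = re.compile(
    r"""isComponentInstalled\s*\(\s*(?:(["'])((?:\\.|(?!\1).)*)\1|([^,)]*))""",
    re.IGNORECASE | re.DOTALL,
)


def classify_calls(body):
    """Return a (verdict, sid_length) tuple for each call found in body.

    verdict is "ok", "oversized", or "dynamic" (sID is not a single literal,
    so its length cannot be judged from the page source alone).
    Length is counted in source characters, before any escape decoding.
    """
    results = []
    for m in CALL_RE.finditer(body):
        literal = m.group(2)
        rest = body[m.end():].lstrip()
        # A literal followed by anything but ',' or ')' is part of a larger
        # expression (for example string concatenation).
        if literal is None or not rest.startswith((",", ")")):
            results.append(("dynamic", None))
        elif len(literal) > MAX_SID_LEN:
            results.append(("oversized", len(literal)))
        else:
            results.append(("ok", len(literal)))
    return results


# Constructed sample input: a normal call, a call with a 300-character
# filler literal, and a call whose sID is computed at run time.
SAMPLE_PAGE = "\n".join([
    'caps.isComponentInstalled("{00000000-0000-0000-0000-000000000000}", "componentid", "4,0");',
    'caps.isComponentInstalled("' + "A" * 300 + '", "componentid");',
    'caps.isComponentInstalled(sid + pad, "componentid");',
])

if __name__ == "__main__":
    for verdict, length in classify_calls(SAMPLE_PAGE):
        print(verdict, length)
```

A "dynamic" verdict is a prompt for review rather than an alert, since script that assembles the argument at run time defeats any purely static length check.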

Affected

  • Microsoft Internet Explorer 6.0

Response

This issue was reportedly fixed in Service Pack 4 for Windows 2000 and Service Pack 2 for Windows XP, though this has not been confirmed. Please contact the vendor for further details.
