HTTP ScriptElement CreateControlRange BO

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a heap buffer overflow vulnerability in Internet Explorer which could result in remote code execution.

Additional Information

Microsoft Internet Explorer is prone to a heap-based buffer overflow vulnerability in the 'createControlRange()' DHTML method. The 'createControlRange()' DHTML method allows for creation of a 'controlRange' collection consisting of non-textual elements which may be manipulated by various other DHTML methods.

This vulnerability is due to a boundary condition error that is exposed when passing data to the 'createControlRange()' DHTML method. The overflow may result in corruption of heap-based memory with attacker-specified data. An attacker may leverage the resulting memory corruption to overwrite sensitive variables in memory to influence execution flow of the program.

This vulnerability could be exploited to execute arbitrary code in the context of the currently logged in user. Exploitation is most likely to occur through a malicious Web page that invokes the vulnerable DHTML method. HTML email may also present an attack vector.

Affected

  • Microsoft Internet Explorer 5.0.1, 5.0.1 SP1, 5.0.1 SP2, 5.0.1 SP3, 5.0.1 SP4, 5.5, 5.5 SP1, 5.5 SP2, 6.0, 6.0 SP1, 6.0 SP2
  • Microsoft Windows ME
  • Microsoft Windows Server 2003 Datacenter Edition
  • Microsoft Windows Server 2003 Datacenter Edition Itanium
  • Microsoft Windows Server 2003 Enterprise Edition
  • Microsoft Windows Server 2003 Enterprise Edition Itanium
  • Microsoft Windows Server 2003 Standard Edition
  • Microsoft Windows Server 2003 Web Edition
  • Microsoft Windows XP Home
  • Microsoft Windows XP Professional
  • Nortel Networks IP softphone 2050
  • Nortel Networks Mobile Voice Client 2050
  • Nortel Networks Optivity Telephony Manager (OTM)
  • Nortel Networks Symposium Web Center Portal (SWCP)
  • Nortel Networks Symposium Web Client

Response

Microsoft has released a cumulative update for Internet Explorer to address this and other vulnerabilities. Updates for Internet Explorer on Microsoft Windows 98/98SE/ME may be obtained through Windows Update.

Nortel Networks has released security advisory 2005005511-2 acknowledging this issue. Please see the referenced advisory for further information.

