Microsoft Internet Explorer Buffer Overrun Description Microsoft® ActiveX® controls, formerly known as OLE controls or OCX controls, are components (or objects) you can insert into a Web page or other application to reuse packaged functionality someone else programmed. Whether you use an ActiveX control or a Java object, Microsoft Visual Basic Scripting Edition and Microsoft Internet Explorer handle it the same way. Details An unchecked buffer exists in the ActiveX control used to display specially formatted text. This could be executed by encouraging an unsuspecting user to visit a malicious web page including the below code. <OBJECT By supplying an overly long value for the "Caption" parameter a saved return address stored on the stack will be overwritten allowing an attacker to gain control of Internet Explorer's path of execution. Any arbitary code would execute in the context of the logged on user. By sending the intended targer a specially crafted e-mail or by enticing them to a malicious website an attacker will be able to gain remote control of that users desktop. Fix Information NGSSoftware alerted Microsoft to these problems on the 29th April 2002. NGSSoftware highly recommend installing Microsoft Patch found at http://www.microsoft.com/windows/ie/downloads/critical/q323759ie/default.asp
|
|
About NPI |
Contact Us |
Services | Tools |
Site Map |
Reseller Programs
Professional Ethics |
Privacy
Copyright 1993-2024 Network Partners, Inc. All rights reserved