Microsoft Internet Explorer Buffer Overflow in CR549.DLL ActiveX Control Permits Remote Code Execution
|
|
SecurityTracker Alert ID: 1007538
|
|
SecurityTracker URL: http://securitytracker.com/id?1007538
|
|
CVE Reference: CVE-2003-0530
|
Updated: Jun 14 2008
|
Original Entry Date: Aug 20 2003
|
Impact: Execution of arbitrary code via network, User access via network
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): 5.01, 5.5, 6.0
|
Description: A buffer overflow vulnerability was reported in Microsoft Internet Explorer (IE) in the 'CR549.DLL' ActiveX control. A remote user can execute arbitrary code on the target user's system.
It is reported that the CR549.DLL ActiveX control contains a security vulnerability. This obsolete control supports the Windows Reporting Tool, which is no longer supported by IE. The control contains a buffer overflow that may allow remote users to execute arbitrary code on the target user's system when the target user loads malicious HTML.
Microsoft credits Greg Jones from KPMG UK for reporting this flaw.
|
Impact: A remote user can execute arbitrary code on the target user's system with the privileges of the target user.
|
Solution: Microsoft has issued the following cumulative patch. This patch sets the kill bit on 'CR549.DLL'.
For all versions except Microsoft Internet Explorer 6.0 for Windows Server 2003:
http://www.microsoft.com/windows/ie/downloads/critical/822925/default.asp
For Microsoft Internet Explorer 6.0 for Windows Server 2003:
http://www.microsoft.com/windows/ie/downloads/critical/822925s/default.asp
The appropriate patch can be installed on IE 5.01 running on Windows 2000 systems with SP3 or SP4 installed, IE 5.5 SP2, IE 6.0 Gold, and IE 6.0 SP1.
This patch will reportedly be included in Windows XP SP2 and Windows Server 2003 SP1.
A reboot is required after installing this patch.
This patch supersedes the one reported in MS03-020.
See the vendor advisory for some important caveats regarding the HTML Help feature.
Microsoft plans to issue Knowledge Base article 822925 regarding this issue, to be available shortly on the Microsoft Online Support web site:
http://support.microsoft.com/default.aspx?scid=kb;en-us;822925
|
Vendor URL: www.microsoft.com/technet/security/bulletin/MS03-032.asp
|
Cause: Boundary error
|
Underlying OS: Windows (Any)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Wed, 20 Aug 2003 14:20:57 -0400
Subject: http://www.microsoft.com/technet/security/bulletin/MS03-032.asp
|
Microsoft Security Bulletin MS03-032
Cumulative Patch for Internet Explorer (822925)
Originally posted: August 20, 2003
Maximum Severity Rating: Critical
Affected Versions:
* Microsoft Internet Explorer 5.01
* Microsoft Internet Explorer 5.5
* Microsoft Internet Explorer 6.0
* Microsoft Internet Explorer 6.0 for Windows Server 2003
CVE: CAN-2003-0530, CAN-2003-0531, CAN-2002-0532
Two vulnerabilities were reported in Microsoft Internet Explorer (IE). A remote user can
cause arbitrary code to be executed on a target user's system.
It is reported that a flaw in the IE cross-domain security model may allow a remote user
to cause scripting code to be executed in the My Computer zone (CVE CAN-2003-0531). A
remote user can create HTML that, when loaded by the target user, will trigger the flaw.
The flaw reportedly involves the method that IE uses to load files from the browser cache.
A remote user can exploit this flaw to execute existing files on the system or to view
arbitrary files on the system.
Microsoft credits Yu-Arai of LAC for reporting this flaw.
It is also reported that IE does not properly determine an object type returned from a web
server (CAN-2002-0532). A remote user can create HTML that, when loaded, will cause
arbitrary code to be executed on a target user's system. According to the report, IE does
not properly validate a certain parameter in an HTTP response. The response can point to a
specific type of file to cause an object to be scripted and executed.
Microsoft credits eEye Digital Security with reporting this flaw.
It is also reported that the CR549.DLL ActiveX control contains a security vulnerability
(CAN-2003-0530). This obsolete control supports the Windows Reporting Tool, which is no
longer supported by IE. The control contains a buffer overflow that may allow remote
users to execute arbitrary code on the target user's system when the target user loads
malicious HTML.
Microsoft credits Greg Jones from KPMG UK for reporting this flaw.
Microsoft has issued a cumulative patch.
For all versions except Microsoft Internet Explorer 6.0 for Windows Server 2003:
http://www.microsoft.com/windows/ie/downloads/critical/822925/default.asp
For Microsoft Internet Explorer 6.0 for Windows Server 2003:
http://www.microsoft.com/windows/ie/downloads/critical/822925s/default.asp
The appropriate patch can be installed on IE 5.01 running on Windows 2000 systems with SP3
or SP4 installed, IE 5.5 SP2, IE 6.0 Gold, and IE 6.0 SP1.
This patch will reportedly be included in Windows XP SP2 and Windows Server 2003 SP1.
A reboot is required after installing this patch.
This patch supersedes the one reported in MS03-020.
See the vendor advisory for some important caveats regarding the HTML Help feature.
Microsoft plans to issue Knowledge Base article 822925 regarding this issue, to be
available shortly on the Microsoft Online Support web site:
http://support.microsoft.com/default.aspx?scid=kb;en-us;822925
|
|