SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Web Browser)  >   Microsoft Internet Explorer Vendors:   Microsoft
Microsoft Internet Explorer Buffer Overflow in CR549.DLL ActiveX Control Permits Remote Code Execution
SecurityTracker Alert ID:  1007538
SecurityTracker URL:  http://securitytracker.com/id/1007538
CVE Reference:   CVE-2003-0530   (Links to External Site)
Updated:  Jun 14 2008
Original Entry Date:  Aug 20 2003
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 5.01, 5.5, 6.0
Description:   A buffer overflow vulnerability was reported in Microsoft Internet Explorer (IE) in the 'CR549.DLL' ActiveX control. A remote user can execute arbitrary code on the target user's system.

It is reported that the CR549.DLL ActiveX control contains a security vulnerability. This obsolete control supports the Windows Reporting Tool, which is no longer supported by IE. The control contains a buffer overflow that may allow remote users to execute arbitrary code on the target user's system when the target user loads malicious HTML.

Microsoft credits Greg Jones from KPMG UK for reporting this flaw.

Impact:   A remote user can execute arbitrary code on the target user's system with the privileges of the target user.
Solution:   Microsoft has issued the following cumulative patch. This patch sets the kill bit on 'CR549.DLL'.

For all versions except Microsoft Internet Explorer 6.0 for Windows Server 2003:

http://www.microsoft.com/windows/ie/downloads/critical/822925/default.asp

For Microsoft Internet Explorer 6.0 for Windows Server 2003:

http://www.microsoft.com/windows/ie/downloads/critical/822925s/default.asp

The appropriate patch can be installed on IE 5.01 running on Windows 2000 systems with SP3 or SP4 installed, IE 5.5 SP2, IE 6.0 Gold, and IE 6.0 SP1.

This patch will reportedly be included in Windows XP SP2 and Windows Server 2003 SP1.

A reboot is required after installing this patch.

This patch supersedes the one reported in MS03-020.

See the vendor advisory for some important caveats regarding the HTML Help feature.

Microsoft plans to issue Knowledge Base article 822925 regarding this issue, to be available shortly on the Microsoft Online Support web site:

http://support.microsoft.com/default.aspx?scid=kb;en-us;822925

Vendor URL:  www.microsoft.com/technet/security/bulletin/MS03-032.asp (Links to External Site)
Cause:   Boundary error
Underlying OS:  Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  http://www.microsoft.com/technet/security/bulletin/MS03-032.asp


Microsoft Security Bulletin MS03-032

Cumulative Patch for Internet Explorer (822925)

Originally posted: August 20, 2003

Maximum Severity Rating: Critical

Affected Versions:

         * Microsoft Internet Explorer 5.01
         * Microsoft Internet Explorer 5.5
         * Microsoft Internet Explorer 6.0
         * Microsoft Internet Explorer 6.0 for Windows Server 2003

CVE:  CAN-2003-0530, CAN-2003-0531, CAN-2002-0532

Two vulnerabilities were reported in Microsoft Internet Explorer (IE).  A remote user can 
cause arbitrary code to be executed on a target user's system.

It is reported that a flaw in the IE cross-domain security model may allow a remote user 
to cause scripting code to be executed in the My Computer zone (CVE CAN-2003-0531).  A 
remote user can create HTML that, when loaded by the target user, will trigger the flaw. 
The flaw reportedly involves the method that IE uses to load files from the browser cache.

A remote user can exploit this flaw to execute existing files on the system or to view 
arbitrary files on the system.

Microsoft credits Yu-Arai of LAC for reporting this flaw.

It is also reported that IE does not properly determine an object type returned from a web 
server (CAN-2002-0532).  A remote user can create HTML that, when loaded, will cause 
arbitrary code to be executed on a target user's system.  According to the report, IE does 
not properly validate a certain parameter in an HTTP response.  The reponse can point to a 
specific type of file to cause an object to be scripted and executed.

Microsoft credits eEye Digital Security with reporting this flaw.

It is also reported that the CR549.DLL ActiveX control contains a security vulnerability 
(CAN-2003-0530). This obsolete control supports the Windows Reporting Tool, which is no 
longer supported by IE.  The control contains a buffer overflow that may allow remote 
users to execute arbitrary code on the target user's system when the target user loads 
malicious HTML.

Microsoft credits Greg Jones from KPMG UK for reporting this flaw.



Microsoft has issued a cumulative patch.

For all version except Microsoft Internet Explorer 6.0 for Windows Server 2003:

http://www.microsoft.com/windows/ie/downloads/critical/822925/default.asp

For Microsoft Internet Explorer 6.0 for Windows Server 2003:

http://www.microsoft.com/windows/ie/downloads/critical/822925s/default.asp

The appropriate patch can be installed on IE 5.01 running on Windows 2000 systems with SP3 
or SP4 installed, IE 5.5 SP2, IE 6.0 Gold, and IE 6.0 SP1.

This patch will reportedly be included in Windows XP SP2 and Windows Server 2003 SP1.

A reboot is required after installing this patch.

This patch supersedes the one reported in MS03-020.

See the vendor advisory for some important caveats regarding the HTML Help feature.

Microsoft plans to issue Knowledge Base article 822925 regarding this issue, to be 
available shortly on the Microsoft Online Support web site:

http://support.microsoft.com/default.aspx?scid=kb;en-us;822925





 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC