Info

Disclosure

Aug 23, 2006

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Aug 08, 2006

Description

A remote overflow exists in Microsoft's Internet Explorer. Internet Explorer fails to correctly handle a long URL using HTTP 1.1 compression resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Patch / RCS
Exploit: Exploit Unknown
Disclosure: Vendor Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Products

Microsoft Corporation

Internet Explorer

6.0 SP1

References

Security Tracker: 1016731
CVE ID: 2006-3869 (see also: NVD)
Secunia Advisory ID: 21557
SCIP VulDB ID: 2478
CERT VU: 821156
Microsoft Knowledge Base Article: 923762
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-08/0478.html
http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0595.html
http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0635.html
Other Advisory URL: http://research.eeye.com/html/advisories/published/AD20060824.html
http://www.nsfocus.com/english/homepage/research/0608.htm
News Article: http://www.eweek.com/article2/0,1895,2007109,00.asp
Microsoft Security Bulletin: MS06-042

Credit

Dejan Kovacevic - Bold Internet Solutions
Derek Soeder - dsoedereeye.com - eEye Digital Security
Hu Qianwei - -

Direct URL: http://osvdb.org/28132