Vulnerability Note VU#334928
Microsoft Internet Explorer contains buffer overflow in Type attribute of OBJECT element on double-byte character set systems
Certain versions of Microsoft Internet Explorer (IE) that support double-byte character sets (DBCS) contain a buffer overflow vulnerability in the Type attribute of the OBJECT element. A remote attacker could execute arbitrary code with the privileges of the user running IE.
Microsoft Security Bulletin MS03-032 and SNS Advisory No.68 describe a buffer overflow vulnerability in the Type attribute of the OBJECT element. This vulnerability only affects double-byte character set versions of IE (e.g. Japanese) and may be related to VU#679556/CAN-2003-0344/MS030-020.
By convincing a victim to view an HTML document (web site, HTML email message), a remote attacker could execute arbitrary code with the privileges of the victim.
Apply 822925 or a more recent cumulative patch for IE. See Microsoft Security Bulletin MS03-032.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|Microsoft Corporation||Affected||25 Aug 2003||25 Aug 2003|
CVSS Metrics (Learn More)
Microsoft credits LAC/SNS for reporting this vulnerability. Information used in this document came from LAC/SNS and Microsoft.
This document was written by Art Manion.
- CVE IDs: CAN-2003-0701
- CERT Advisory: CA-2003-22
- Date Public: 20 Aug 2003
- Date First Published: 26 Aug 2003
- Date Last Updated: 11 Aug 2005
- Severity Metric: 7.09
- Document Revision: 16
If you have feedback, comments, or additional information about this vulnerability, please send us email.