search menu icon-carat-right cmu-wordmark

CERT Coordination Center

Buffer Overflow in URLMON.DLL

Vulnerability Note VU#169753

Original Release Date: 2003-04-24 | Last Revised: 2003-04-24

Overview

A buffer overflow in URLMON.DDL may allow an intruder to execute arbitrary code.

Description

URLMON.DLL is a library used by Microsoft Internet Explorer. It contains a buffer overflow that could allow an intruder to execute arbitrary code if the intruder can convince the victim to visit a malicious web page or, in some limited circumstances, open a malicious email message. For more information, see Microsoft Security Bulletin MS03-015.

Impact

An intruder could execute arbitrary code with the privileges of the user operating the vulnerable web browser or email client.

Solution

Apply a patch as described in MS03-015.

Vendor Information

No information available at this time.


CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A

References

Acknowledgements

Thanks to Microsoft Corporation for reporting this vulnerability.

This document was written by Shawn V Hernan based on information provided by Microsoft.

Other Information

CVE IDs: CVE-2003-0113
Severity Metric: 10.80
Date Public: 2003-04-23
Date First Published: 2003-04-24
Date Last Updated: 2003-04-24 03:56 UTC
Document Revision: 8

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.