A buffer overflow in Microsoft Internet Explorer Content Advisor may allow a remote attacker to execute arbitrary code on a vulnerable system.
The Content Advisor is used to control what content is viewable in Internet Explorer. A buffer overflow exists in the routines that handle Content Advisor files. If an attacker can persuade a user to visit a specially crafted web page, the attacker may be able to execute arbitrary code with the privileges of the current user. For more detailed information and for a list of vulnerable software, see Microsoft Security Bulletin MS05-020.
By convincing a user to view an HTML document (e.g., a web page or HTML email message), an attacker could execute arbitrary commands or code with the privileges of the user. The attacker could take any action as the user. If the user has administrative privileges, the attacker could take complete control of the user's system. A user would need to click through a series of Content Advisor setup windows for the attack to be successful.
Apply a patch
This vulnerability was publicly reported by Microsoft, who credits Andres Tarasco of SIA Group.
Date First Published: 2005-04-12
Date Last Updated: 2005-04-13 19:31 UTC