Vulnerability Note VU#932283
Microsoft Internet Explorer HTML rendering engine contains buffer overflow processing SRC attribute of HTML <EMBED> directive
The Microsoft Internet Explorer HTML rendering engine contains a vulnerability in its handling of the SRC attribute of the HTML <EMBED> directive. An attacker who is able to convince a user to read a malicious HTML file may be able to crash Internt Explorer or execute arbitrary code with the user's privileges.
Web pages and HTML email messages typically contain HTML text, but may include other documents using the <EMBED> directive. For example, a MIDI sound file might be embedded in a web page with the following HTML code:
<EMBED SRC="/path/sound.mid" AUTOSTART="true">
By convincing a user to view a malicious HTML document, an attacker could cause the Internet Explorer HTML rendering engine to crash or execute arbitrary code. This technique could be used to distribute viruses, worms, or other malicious code. Any code executed through this vulnerability would run with the privileges of the user who viewed the HTML document.
Outlook 2002 and Outlook Express 6, and Outlook 98 and 2000 with the Outlook Email Security Update applied, open email messages in the Restricted Sites Zone. The "Run ActiveX Controls and Plugins" security option is disabled by default in the Restricted Sites Zone.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|AOL Time Warner||Affected||05 Mar 2002||29 Mar 2002|
|Microsoft||Affected||20 Dec 2001||05 Mar 2002|
|Cyrusoft||Not Affected||22 Feb 2002||25 Feb 2002|
|Lotus||Unknown||22 Feb 2002||25 Feb 2002|
|QUALCOMM||Unknown||22 Feb 2002||25 Feb 2002|
CVSS Metrics (Learn More)
The CERT/CC thanks ERRor and DarkZorro of domain Hell and 3APA3A of SECURITY.NNOV for reporting this issue to us.
This document was written by Art Manion and Ian A. Finlay.
- CVE IDs: CAN-2002-0022
- CERT Advisory: CA-2002-04
- Date Public: 11 Feb 2002
- Date First Published: 14 Feb 2002
- Date Last Updated: 29 Mar 2002
- Severity Metric: 50.49
- Document Revision: 109
If you have feedback, comments, or additional information about this vulnerability, please send us email.