項目 |
|
攻撃 |
リモート |
攻撃ポート |
80 |
対象OS |
Windows |
CVE |
CVE-2006-1273 |
MS |
|
PAM |
|
Microsoft Internet Exporer mshtml.dll buffer overflow (HTML_Mshtml_Overflow)
About this signature or vulnerability
RealSecure Network Sensor, RealSecure Server Sensor:
This signature detects a malicious Web page containing a large number of script action handlers in a single HTML tag.
Default risk level
High
Sensors that have this signature
RealSecure Network Sensor: XPU 24.32, RealSecure Server Sensor: XPU 24.32
Systems affected
Windows XP: SP2, Microsoft Internet Explorer: 6.0
Type
Unauthorized Access Attempt
Vulnerability description
Microsoft Internet Explorer version 6.0 is vulnerable to a buffer overflow in mshtml.dll. By creating a malicious Web page containing a large number of script action handlers in a single HTML tag, a remote attacker could overflow a buffer and cause Internet Explorer to crash or possibly execute arbitrary code on a victim's system, once the malicious page is opened.
Note: This vulnerability also affects Mozilla Firefox, and possibly other vendor Web browsers.
How to remove this vulnerability
No remedy available as of March 2006.
検証環境
優先度 |
OS |
IP |
Intruder: |
- |
213.134.128.25 |
Victim: |
Windows2000 |
192.168.221.180 |
センサー |
ProvenitaM10 |
XPU1.70 |
実証コード
http://lcamtuf.coredump.cx/iedie.html
The following proof of concept is available:
<script>
for(s='<a onclick=',i=0;i<8||(document.write(s+'>'));i++)s+=s;
</script>
Site screenshot:
Code snippet:
影響
IEが強制終了する。
トレース
イベント一覧
優先度 |
シグネチャ名 |
検知件数 |
High |
HTML_Mshtml_Overflow |
1 |
イベント詳細