Users login

Create an account »


Users login

Home » Hacking News » Microsoft Internet Explorer HTML Document Directive Buffer Overflow Vuln.

Microsoft Internet Explorer HTML Document Directive Buffer Overflow Vuln.

by Nikola Strahija on February 13th, 2002 Due to a flaw in IE's implementation of an HTML directive, it is possible for a remote attacker to execute arbitrary code on a user's system.

MSIE supports a directive to embed document files in webpages. A buffer overflow condition exists in this feature that may allow for remote attackers to execute arbitrary code on client systems. This vulnerability may be exploited to execute arbitrary code through a maliciously constructed webpage or HTML email. Any arbitary code will be executed within the security context of the user running the client.

Successful exploitation of this issue could result in a compromise of the host.

Remote: Yes
Exploit: There is no exploit.
Solution: Microsoft has released a patch which addresses this issue:

Microsoft Internet Explorer 5.01:
Microsoft Internet Explorer 5.0.1SP2:

Microsoft Patch q316059_IE 5.01

Microsoft Internet Explorer 5.0.1SP1:
Microsoft Internet Explorer 5.5SP2:

Microsoft Patch q316059_IE 5.5SP2

Microsoft Internet Explorer 5.5SP1:

Microsoft Patch q316059_IE 5.5SP1

Microsoft Internet Explorer 5.5:
Microsoft Internet Explorer 6.0:

Microsoft Patch q316059_IE6

Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.


Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »