Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Microsoft Internet Explorer plugin.ocx input validation error

Microsoft Internet Explorer plugin.ocx input validation error

by Mario Miri on May 16th, 2003 Microsoft Internet Explorer plugin.ocx has been reported prone to an input validation vulnerability in some configurational circumstances. It has been reported that due to insufficient sanitization performed on the EnableFullPage parameter that can be supplied by a third-party file type, an attacker may inject arbitrary script code which is then executed by Internet Explorer. The code is executed when a malicious URL to a third-party file is followed.


Vulnerable:
Microsoft Internet Explorer 5.0.1
Microsoft Internet Explorer 5.0.1 SP1
Microsoft Internet Explorer 5.0.1 SP2
Microsoft Internet Explorer 5.0.1 SP3
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 5.5 SP1
Microsoft Internet Explorer 5.5 SP2
Microsoft Internet Explorer 6.0
Microsoft Internet Explorer 6.0 SP1


Solution:
Patch information is available from:
http://www.microsoft.com/windows/ie/downloads/critical/813489/default.asp


Discovered by:
Uknown


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »