[SingCERT] Microsoft Internet Explorer 'winhlp32.exe' 'MsgBox()' Stack-Based Buffer Overflow Vulnerability

[ Summary ]

Microsoft Internet Explorer is prone to a remote stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input. This issue affects the 'winhlp32.exe' binary and can be triggered when overly long input is passed to the 'helpfile' parameter of a 'MsgBox()' call generated with VBScript. Attackers can exploit this issue by enticing an unsuspecting user into opening a specially crafted webpage. Note that attackers also need to use social-engineering techniques to convince the user to press the 'F1' key when the attacker's message box prompts them to do so.
Internet Explorer 6, 7, and 8 are vulnerable when running on the Windows XP platform.
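
The trigger described above can be screened for statically in web content. The following added example (not part of the SingCERT advisory or of any vendor tooling) parses the VBScript blocks of an HTML page and reports every MsgBox call that supplies the helpfile (fourth) argument; the 260-character threshold, the function names and the sample page are assumptions made for illustration.

```python
import re

MAX_HELPFILE_LEN = 260  # assumption: the advisory gives no size; illustrative only
SCRIPT_RE = re.compile(r"<script\b[^>]*\bvbscript\b[^>]*>(.*?)</script\s*>", re.I | re.S)
MSGBOX_RE = re.compile(r"\bMsgBox\b\s*\(?", re.I)
LITERAL_RE = re.compile(r'"(?:[^"]|"")*"')  # one VBScript string literal

def split_args(text):
    """Split a VBScript argument list on top-level commas ("" escapes a quote)."""
    args, cur, depth, in_str = [], [], 0, False
    for ch in text:
        if ch == '"':
            in_str = not in_str
        elif not in_str:
            if ch in "\r\n:'" or (ch == ")" and depth == 0):
                break  # end of statement, comment, or closing paren of the call
            if ch == "," and depth == 0:
                args.append("".join(cur).strip())
                cur = []
                continue
            depth += (ch == "(") - (ch == ")")
        cur.append(ch)
    args.append("".join(cur).strip())
    return args

def scan_html(html):
    """Return (reason, helpfile_expression) for each MsgBox call that passes a helpfile."""
    findings = []
    for block in SCRIPT_RE.finditer(html):
        body = re.sub(r"[ \t]_\r?\n", " ", block.group(1))  # join continued lines
        for call in MSGBOX_RE.finditer(body):
            args = split_args(body[call.end():])
            if len(args) < 4 or not args[3]:
                continue  # MsgBox(prompt, buttons, title, helpfile, context)
            helpfile = args[3]
            if not LITERAL_RE.fullmatch(helpfile):
                reason = "computed helpfile (length unknown statically)"
            elif len(helpfile) - 2 > MAX_HELPFILE_LEN:
                reason = "overly long helpfile literal"
            else:
                reason = "helpfile supplied"
            findings.append((reason, helpfile[:60]))
    return findings

# Constructed sample page (not from the advisory); longName is a hypothetical variable.
SAMPLE = '''<script type="text/vbscript">
MsgBox "Saved.", 0, "Info"
r = MsgBox("Press F1 for help", 1, "Notice", longName & ".hlp", 0)
</script>'''
```

Because a page can build the string at run time, any web-delivered MsgBox call that passes a helpfile is worth reviewing, not only those with a long literal.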

 

[ Affected System ]

Microsoft Internet Explorer 6.0
Microsoft Windows 2000 Advanced Server/SP1/SP2
Microsoft Windows 2000 Datacenter Server/SP1/SP2
Microsoft Windows 2000 Professional/SP1/SP2
Microsoft Windows 2000 Server/SP1/SP2
Microsoft Windows 2000 Terminal Services/SP1/SP2
Microsoft Windows 98, 98SE
Microsoft Windows ME
Microsoft Windows NT 4.0 SP6a
Microsoft Windows NT Enterprise Server 4.0 SP6a
Microsoft Windows NT Server 4.0 SP6a
Microsoft Windows NT Terminal Server 4.0 SP6a
Microsoft Windows NT Workstation 4.0 SP6a
Microsoft Windows Server 2003 Datacenter Edition/Datacenter Edition Itanium
Microsoft Windows Server 2003 Enterprise Edition/Enterprise Edition Itanium
Microsoft Windows Server 2003 Standard Edition/Web Edition
Microsoft Windows XP Home/Professional

Microsoft Internet Explorer 6.0 SP1
Microsoft Internet Explorer 7.0

Avaya CIE 1.0
Avaya Messaging Application Server
Microsoft Windows Server 2003 SP2/Itanium SP2
Microsoft Windows Server 2003 x64 SP2
Microsoft Windows Server 2008 for 32-bit Systems/SP2
Microsoft Windows Server 2008 for Itanium-based Systems/SP2
Microsoft Windows Server 2008 for x64-based Systems/SP2
Microsoft Windows Vista/SP1/SP2
Microsoft Windows Vista Business
Microsoft Windows Vista Enterprise
Microsoft Windows Vista Home Basic
Microsoft Windows Vista Home Premium
Microsoft Windows Vista Ultimate
Microsoft Windows Vista x64 Edition/SP1/SP2
Microsoft Windows XP
Microsoft Windows XP 64-bit Edition/SP1
Microsoft Windows XP 64-bit Edition Version 2003
Microsoft Windows XP Embedded/SP1/SP3
Microsoft Windows XP Gold
Microsoft Windows XP Home/SP1/SP2/SP3
Microsoft Windows XP Media Center Edition/SP1/SP2/SP3
Microsoft Windows XP Professional/SP1/SP2/SP3
Microsoft Windows XP Professional x64 Edition/SP2
Microsoft Windows XP Tablet PC Edition/SP1/SP2/SP3

Microsoft Internet Explorer 7.0.5730.11
Microsoft Internet Explorer 8
Microsoft Internet Explorer 8 RC1

Microsoft Windows 7 beta

[ Impact Analysis ]

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application. Successful exploits will compromise the application and possibly the underlying computer. Failed attacks will cause denial-of-service conditions.

[ Solution/Workaround ]

As attackers may use social-engineering techniques to convince users to press 'F1', organisations are advised to educate users on the following:

  • Do not follow links provided by unknown or untrusted sources (email, instant message, etc.)
  • Web users should be cautious about following links to sites that are provided by unfamiliar or suspicious sources
  • Do not click on pop-up dialog boxes requesting them to press 'F1'

[ Reference ]

  • Investigating a new win32hlp and Internet Explorer issue (Microsoft Security Response Center) http://blogs.technet.com/msrc/archive/2010/02/28/investigating-a-new-win32hlp-and-internet-explorer-issue.aspx
  • isec-0027-msgbox-helpfile-ie.txt (Maurycy Prodeus) http://isec.pl/vulnerabilities/isec-0027-msgbox-helpfile-ie.txt
  • Microsoft Internet Explorer Homepage (Microsoft) http://www.microsoft.com/ie/