Microsoft Internet Explorer MSHTML.DLL CSS Handling Remote Buffer Overflow Vulnerability

SecurityFocus ^ | 3/9/2005

[B Knotts]

Microsoft Internet Explorer is reported prone to a remote buffer overflow vulnerability.

This issue presents itself when the application handles a malformed CSS file.

A typical attack would involve the attacker creating a Web site that includes the malicious CSS file. The attacker may then entice a vulnerable user to visit the site. If successful, this attack may result in granting the attacker unauthorized access to the affected computer in the context of the user running Internet Explorer.

[B Knotts]

A heads up for IE-using Windows users.

This is a new one, as far as I know.

[ShadowAce]

IE Ping!

[TommyDale]

Uh-oh! Here come those Apple and Linux wackos, trying to convince everyone what a horrible person Bill Gates is!

[SengirV]

So this is different than this one posted earlier today - http://freerepublic.com/focus/f-news/1359141/posts

But still, where are all the pro MS folks who claim MS/IE is superior to the competition? And what of the story from a month ago from the "indepenedent" investigators who found MS/IE to be superior with respect to security than Mozilla/Linux/Unix/etc?

I won't hold my breathe.

[DTA]

1. Install Mozilla Firefox

2. Install Ad Aware

3. Install Spy Bot

4. Install AVG

5. Install hardare firewall

6. Install software firewall "You get what you paid for" does not apply here - AVG, SpyBot, Firefox are free for personal use. Use IE for IE for Windows updates only!

[holymoly]

Microsoft Internet Explorer is reported prone to a remote buffer overflow vulnerability.

For those interested in test-driving alternative browsers:

Mozilla/Firefox
Off By One
Opera

[B Knotts]

But still, where are all the pro MS folks who claim MS/IE is superior to the competition?

Hopefully, downloading Firefox.

Or Linux.

:-)

[SengirV]

They usually skip threads like this and only show up with pro Linux and Apple threads.

[Rifleman]

I am begining to think that the only way to use Windows of any vintage, safely, is to run it under VMware or XEN or Boch (sp?) or other virtualization system, booting it from a cd.
Then when it croaks from malware or just bitrot, as it will, you can restart a clean copy from the cd.

[Nick Danger]

Here's Microsoft allowing Chinese hackers to break into our military's most sensitive computers. Get out those pom-poms and start dancin'.

Microsoft Microsoft yay! yay! yay!
Microsoft Microsoft all the way!

[Doohickey]

Did you purposely skip over the vulnerability in the 2.6 Linux kernel, or is that posted elsewhere?

[B Knotts]

Which vulnerability is that? I'm not aware of any in 2.6.11 or 2.4.29.

[zeugma]

Actually, with VMWare, it's even easier than installing a new copy from CD. I just zip up the VMWare directory where the virtual disk lives. When crap starts happening in the VM, I delete the directory and unzip a fresh copy.

I really like vmware, but don't use it nearly as much as I used to as I'm rarely needing the emulation it provides any more other than to check out LiveCD Linux distributions like Knoppix. It's worth what you pay for it though.

[Doohickey]

Golly, I don't know how you missed it. Clicky.

[B Knotts]

Thanks. Hadn't seen that one yet on any of the news sites.

My guess, though, is that there will be a fix before there is an actual exploit. This is not the case with the IE hole.

[B Knotts]

Looks like there's already a patch for that, actually. Dunno how long before a new kernel is released, though.

[zeugma]

Looks like a local exploit. Not a big worry to folks who run Linux on their desktop, unless they are busy hacking themselves, in which case, they have bigger problems.:-)

For servers where there are untrusted users, this whould be watched and patched.

[Doohickey]

It's not a patch, it's a workaround.

[Doohickey]

It doesn't say one way or the other.

[ShadowAce]

Look at the fifth line down--that indicates that it's a local exploit