Vulnerability-Lookup

CERTA-2004-AVI-383

Vulnerability from certfr_avis - Published: 2004-12-02 - Updated: 2004-12-02

Une vulnérabilité découverte dans Internet Explorer 6 permet à un utilisateur mal intentionné d'exécuter du code arbitraire sur le système vulnérable.

Description

Le logiciel de navigation Internet Explorer 6 de Microsoft présente une vulnérabilité de type débordement de mémoire (Buffer Overflow) due à un mauvais traitement des attributs SRC et NAME des balises \<FRAME> et \<IFRAME> qui permettent aux développeurs d'insérer des cadres dans une page HTML. Cette vulnérabilité permet à une personne mal intentionnée d'exécuter du code arbitraire, avec les privilèges de la victime, à l'aide d'une page HTML ou d'un courrier électronique malicieusement constitué.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. Documentation).

None

Impacted products

Vendor	Product	Description
Microsoft	Windows	Internet Explorer 6 Service Pack 1 sous Microsoft Windows NT Server 4.0 Service Pack 6a ;
Microsoft	Windows	Internet Explorer 6 Service Pack 1 sous Microsoft Windows XP Service Pack 1 ;
Microsoft	Windows	Internet Explorer 6 Service Pack 1 sous Microsoft Windows 98, Windows 98 SE & Windows Me ;
Microsoft	Windows	Internet Explorer 6 sous Microsoft Windows XP Service Pack 1 (64-bit Edition).
Microsoft	Windows	Internet Explorer 6 Service Pack 1 sous Microsoft Windows 2000 Service Pack 3 & Service Pack 4 ;
Microsoft	Windows	Internet Explorer 6 Service Pack 1 sous Microsoft Windows NT Server 4.0 Terminal Service Edition Service Pack 6 ;

References

Title

Publication Time

Tags

Bulletin d'alerte de sécurité CERTA-2004-ALE-012	None	vendor-advisory
Bulletin de sécurité Microsoft MS04-040	None	vendor-advisory
Bulletin d'alerte CERTA-2004-ALE-012 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Internet Explorer 6 Service Pack 1 sous Microsoft Windows NT Server 4.0 Service Pack 6a ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 6 Service Pack 1 sous Microsoft Windows XP Service Pack 1 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 6 Service Pack 1 sous Microsoft Windows 98, Windows 98 SE \u0026 Windows Me ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 6 sous Microsoft Windows XP Service Pack 1 (64-bit Edition).",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 6 Service Pack 1 sous Microsoft Windows 2000 Service Pack 3 \u0026 Service Pack 4 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    },
    {
      "description": "Internet Explorer 6 Service Pack 1 sous Microsoft Windows NT Server 4.0 Terminal Service Edition Service Pack 6 ;",
      "product": {
        "name": "Windows",
        "vendor": {
          "name": "Microsoft",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nLe logiciel de navigation Internet Explorer 6 de Microsoft pr\u00e9sente une\nvuln\u00e9rabilit\u00e9 de type d\u00e9bordement de m\u00e9moire (Buffer Overflow) due \u00e0 un\nmauvais traitement des attributs SRC et NAME des balises \\\u003cFRAME\\\u003e et\n\\\u003cIFRAME\\\u003e qui permettent aux d\u00e9veloppeurs d\u0027ins\u00e9rer des cadres dans une\npage HTML. Cette vuln\u00e9rabilit\u00e9 permet \u00e0 une personne mal intentionn\u00e9e\nd\u0027ex\u00e9cuter du code arbitraire, avec les privil\u00e8ges de la victime, \u00e0\nl\u0027aide d\u0027une page HTML ou d\u0027un courrier \u00e9lectronique malicieusement\nconstitu\u00e9.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. Documentation).\n",
  "cves": [],
  "initial_release_date": "2004-12-02T00:00:00",
  "last_revision_date": "2004-12-02T00:00:00",
  "links": [
    {
      "title": "Bulletin d\u0027alerte CERTA-2004-ALE-012 :",
      "url": "http://www.certa.ssi.gouv.fr/site/CERTA-2004-ALE-012/index.html"
    }
  ],
  "reference": "CERTA-2004-AVI-383",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2004-12-02T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 d\u00e9couverte dans Internet Explorer 6 permet \u00e0 un\nutilisateur mal intentionn\u00e9 d\u0027ex\u00e9cuter du code arbitraire sur le syst\u00e8me\nvuln\u00e9rable.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans Internet Explorer 6",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin d\u0027alerte de s\u00e9curit\u00e9 CERTA-2004-ALE-012",
      "url": null
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Microsoft MS04-040",
      "url": "http://www.microsoft.com/technet/security/bulletin/MS04-040.mspx"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted