
My AntiSpyware

Free antispyware software, Online Scanners, Instructions on how to remove spyware and malware.


New unpatched vulnerability in the Internet Explorer (mshtml.dll) found

Myantispyware team, March 17, 2006

There is a new, unpatched vulnerability, with exploit code in the wild, that affects the latest version of IE. The exploit works by including an abnormally large number (a couple thousand) of script action handlers inside a single HTML tag.

This vulnerability can be triggered by specifying more than a couple
thousand script action handlers (such as onLoad, onMouseMove, etc) for any
single HTML tag. Due to a programming error, MSIE will then attempt to
write memory array out of bounds, at an offset corresponding to the ID of
the script action handler multiplied by 4 (due to 32-bit address clipping,
the result is a small positive integer).

The list of IDs can be found on the Web, and is as follows (values in
parentheses = resulting offsets):

onhelp = 0x8001177d (+0x45df4)
onclick = 0x80011778 (+0x45de0)
ondblclick = 0x80011779 (+0x45de4)
onkeyup = 0x80011776 (+0x45dd8)
onkeydown = 0x80011775 (+0x45dd4)
onkeypress = 0x80011777 (+0x45ddc)
onmouseup = 0x80011773 (+0x45dcc)
onmousedown = 0x80011772 (+0x45dc8)
onmousemove = 0x80011774 (+0x45dd0)
onmouseout = 0x80011771 (+0x45dc4)
onmouseover = 0x80011770 (+0x45dc0)
onreadystatechange = 0x80011789 (+0x45e24)
onafterupdate = 0x80011786 (+0x45e18)
onrowexit = 0x80011782 (+0x45e08)
onrowenter = 0x80011783 (+0x45e0c)
ondragstart = 0x80011793 (+0x45e4c)
onselectstart = 0x80011795 (+0x45e54)

This causes an out-of-bounds write to a memory array, an overflow in Microsoft Internet Explorer (mshtml.dll), and as a result an immediate or eventual browser crash. Both McAfee and Symantec have released signatures to detect this exploit. While this is only a DoS vulnerability at the moment, there are ongoing attempts to use it as a vector for remote code execution.

Tested on MSIE 6.0.2900.2180.xpsp2.040806-1825 on Windows XP SP2. As far
as I can tell, other browser makes (Firefox, Opera) are not susceptible to
this attack.
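
A defensive check for the trigger condition described above, as an added example that is not part of the original post or the quoted advisory: it counts `on*` handler attributes per tag and flags any tag that carries more than a threshold. The threshold of 100, the class and function names, and the sample markup are assumptions made for this example.

```python
from html.parser import HTMLParser

# Assumed threshold: ordinary pages put a handful of on* handlers on a tag,
# while the advisory describes "more than a couple thousand" as the trigger.
MAX_HANDLERS_PER_TAG = 100


class HandlerCountScanner(HTMLParser):
    """Collects tags whose on* attribute count exceeds the limit."""

    def __init__(self, limit=MAX_HANDLERS_PER_TAG):
        super().__init__(convert_charrefs=True)
        self.limit = limit
        self.findings = []  # (tag, line, handler_count, distinct_handler_names)

    def _check(self, tag, attrs):
        # html.parser lowercases attribute names and keeps duplicates,
        # so a repeated onclick= is counted every time it appears.
        handlers = [name for name, _ in attrs if name.startswith("on")]
        if len(handlers) > self.limit:
            line, _ = self.getpos()
            self.findings.append((tag, line, len(handlers), sorted(set(handlers))))

    def handle_starttag(self, tag, attrs):
        self._check(tag, attrs)

    def handle_startendtag(self, tag, attrs):
        self._check(tag, attrs)


def scan_html(markup, limit=MAX_HANDLERS_PER_TAG):
    """Return one finding per tag that carries more than `limit` handlers."""
    scanner = HandlerCountScanner(limit)
    scanner.feed(markup)
    scanner.close()
    return scanner.findings


# Constructed sample: two ordinary tags and one tag with 150 handlers
# (above the assumed detection threshold).
SAMPLE = (
    '<html><body onload="init()">\n'
    '<a href="/" onclick="go()" onmouseover="hint()">home</a>\n'
    "<img src=x " + "onclick=1 onmousemove=1 onkeyup=1 " * 50 + ">\n"
    "</body></html>"
)

if __name__ == "__main__":
    for finding in scan_html(SAMPLE):
        print(finding)
```

The `startswith("on")` match is a heuristic: it also counts non-standard attributes whose names begin with "on", which only matters if a page uses more than the threshold of them on one tag.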

Thanks to SecurityFocus
