Advisory Details

June 13th, 2006

Microsoft Internet Explorer UTF-8 Decoding Heap Overflow Vulnerability

ZDI-06-017
ZDI-CAN-012

CVE ID CVE-2006-2382
CVSS SCORE
AFFECTED VENDORS Microsoft
AFFECTED PRODUCTS Internet Explorer
TREND MICRO CUSTOMER PROTECTION Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID ['4440']. For further product information on the TippingPoint IPS: http://www.tippingpoint.com
VULNERABILITY DETAILS

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. Successful exploitation requires that the target user browse to a malicious web page. Exploitaton does not require JavaScript, Java or ActiveX to be enabled.

The specific vulnerability is due to a miscalculation of memory sizes when translating UTF-8 characters to Unicode. A size mismatch between a heap allocation and memory copy results in an exploitable heap corruption.

ADDITIONAL DETAILS Microsoft has issued an update to correct this vulnerability. More details can be found at:
http://www.microsoft.com/technet/security/bulletin/MS06-021.mspx
DISCLOSURE TIMELINE
  • 2006-01-20 - Vulnerability reported to vendor
  • 2006-06-13 - Coordinated public release of advisory
CREDIT Anonymous
BACK TO ADVISORIES