Advisory Details

June 13th, 2006

Microsoft Internet Explorer UTF-8 Decoding Heap Overflow Vulnerability

ZDI-06-017
ZDI-CAN-012

CVE ID CVE-2006-2382
CVSS SCORE
AFFECTED VENDORS Microsoft
AFFECTED PRODUCTS Internet Explorer
TREND MICRO CUSTOMER PROTECTION Trend Micro TippingPoint IPS customers are protected against this vulnerability by Digital Vaccine protection filter ID 4440. For further product information on the TippingPoint IPS: http://www.tippingpoint.com
VULNERABILITY DETAILS

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. Successful exploitation requires that the target user browse to a malicious web page. Exploitaton does not require JavaScript, Java or ActiveX to be enabled.

The specific vulnerability is due to a miscalculation of memory sizes when translating UTF-8 characters to Unicode. A size mismatch between a heap allocation and memory copy results in an exploitable heap corruption.

ADDITIONAL DETAILS Microsoft has issued an update to correct this vulnerability. More details can be found at:
http://www.microsoft.com/technet/security/bulletin/MS06-021.mspx
DISCLOSURE TIMELINE
  • 2006-01-20 - Vulnerability reported to vendor
  • 2006-06-13 - Coordinated public release of advisory
CREDIT Anonymous
BACK TO ADVISORIES