---------------------------------------------------------------------- Want to join the Secunia Security Team? Secunia offers a position as a security specialist, where your daily work involves reverse engineering of software and exploit code, auditing of source code, and analysis of vulnerability reports. http://secunia.com/secunia_security_specialist/ ---------------------------------------------------------------------- TITLE: Microsoft Windows "mhtml:" URI Buffer Overflow Vulnerability SECUNIA ADVISORY ID: SA20384 VERIFY ADVISORY: http://secunia.com/advisories/20384/ CRITICAL: Less critical IMPACT: DoS WHERE: >From remote OPERATING SYSTEM: Microsoft Windows XP Professional http://secunia.com/product/22/ Microsoft Windows XP Home Edition http://secunia.com/product/16/ Microsoft Windows Server 2003 Web Edition http://secunia.com/product/1176/ Microsoft Windows Server 2003 Standard Edition http://secunia.com/product/1173/ Microsoft Windows Server 2003 Datacenter Edition http://secunia.com/product/1175/ Microsoft Windows Server 2003 Enterprise Edition http://secunia.com/product/1174/ DESCRIPTION: Mr.Niega has discovered a vulnerability in Microsoft Windows, which can be exploited by malicious people to cause a DoS (Denial of Service) on certain applications on a user's system. The vulnerability is caused due to a boundary error in inetcomm.dll within the processing of URLs with the "mhtml:" URI handler. This can be exploited to cause a stack-based buffer overflow via an overly long URL by e.g. tricking a user into visiting a malicious web site with Internet Explorer or opening a specially crafted Internet shortcut. Successful exploitation crashes the application using the vulnerable library. Execution of arbitrary code may be possible, but has currently not been proven as it is prevented by the DEP (Data Execution Prevention) mechanism. The vulnerability has been confirmed on a fully patched system with Microsoft Windows XP SP2 and Microsoft Windows 2003 Server. SOLUTION: Disable the "mhtml:" URI handler. This may affect the functionality. PROVIDED AND/OR DISCOVERED BY: Mr.Niega ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------