Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:MS-WINDOWS-HYPERLINK-BO |
|---|---|
Severity |
Minor |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Microsoft Windows Hyperlink Buffer Overflow |
Release Date |
2012/01/09 |
Update Number |
2061 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Microsoft Windows Hyperlink Buffer Overflow
A buffer overflow exists in the Microsoft Windows system library used to handle hyperlink objects. An unchecked buffer in the Microsoft Object Library is vulnerable to attack when malformed hyperlinks are processed when a user clicks on a hyperlink in a browser or in HTML-rendered email. An attacker who successfully exploits this vulnerability can execute code with the privileges of the currently logged in user. In a simple attack case, the attacker can terminate the application that is using the ActiveX hyperlink library. In a sophisticated attack, he can inject arbitrary code into the target. The behaviour of the target is dependent on the nature of the malicious code. The exploit executes with the privileges of the currently logged in user. If this account has elevated privileges, an attacker may take control of the target system.
Extended Description
The Hyperlink Object Library for Windows 98, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a crafted link that triggers an "unchecked buffer" in the library, possibly due to a buffer overflow.
Affected Products
- Microsoft windows_2000 (:advanced_server)
- Microsoft windows_2000 (:datacenter_server)
- Microsoft windows_2000 (:professional)
- Microsoft windows_2000 (:server)
- Microsoft windows_2000 (sp1)
- Microsoft windows_2000 (sp1:advanced_server)
- Microsoft windows_2000 (sp1:datacenter_server)
- Microsoft windows_2000 (sp1:professional)
- Microsoft windows_2000 (sp1:server)
- Microsoft windows_2000 (sp2)
- Microsoft windows_2000 (sp2:advanced_server)
- Microsoft windows_2000 (sp2:datacenter_server)
- Microsoft windows_2000 (sp2:professional)
- Microsoft windows_2000 (sp2:server)
- Microsoft windows_2000 (sp3)
- Microsoft windows_2000 (sp3:advanced_server)
- Microsoft windows_2000 (sp3:datacenter_server)
- Microsoft windows_2000 (sp3:professional)
- Microsoft windows_2000 (sp3:server)
- Microsoft windows_2000 (sp4)
- Microsoft windows_2000 (sp4:advanced_server)
- Microsoft windows_2000 (sp4:datacenter_server)
- Microsoft windows_2000 (sp4:professional)
- Microsoft windows_2000 (sp4:server)
- Microsoft windows_2003_server enterprise
- Microsoft windows_2003_server enterprise (:64-bit)
- Microsoft windows_2003_server enterprise_64-bit
- Microsoft windows_2003_server r2
- Microsoft windows_2003_server r2 (:64-bit)
- Microsoft windows_2003_server r2 (:datacenter_64-bit)
- Microsoft windows_2003_server standard
- Microsoft windows_2003_server standard (:64-bit)
- Microsoft windows_2003_server web
- Microsoft windows_98 (gold)
- Microsoft windows_98se
- Microsoft windows_me
- Microsoft windows_xp (:64-bit)
- Microsoft windows_xp (gold)
- Microsoft windows_xp (gold:professional)
- Microsoft windows_xp (:home)
- Microsoft windows_xp (:media_center)
- Microsoft windows_xp (sp1)
- Microsoft windows_xp (sp1:64-bit)
- Microsoft windows_xp (sp1:home)
- Microsoft windows_xp (sp1:media_center)
- Microsoft windows_xp (sp2)
- Microsoft windows_xp (sp2:home)
- Microsoft windows_xp (sp2:media_center)
- Microsoft windows_xp (sp2:tablet_pc)
References
- BugTraq: 12479
- CVE: CVE-2005-0057