{"vuid":"VU#679556","idnumber":"679556","name":"Microsoft Internet Explorer contains buffer overflow in processing of object types","keywords":["Microsoft","Internet Explorer","buffer overflow","object type","Q818529","MS03-020"],"overview":"A remotely exploitable vulnerability has been discovered in Internet Explorer. Exploitation of this vulnerability may lead to the execution of arbitrary code.","clean_desc":"A remotely exploitable buffer overflow vulnerability has been discovered in Internet Explorer versions 5.1, 5.5 and 6.0. The <object> tag contains a \"type\" field used to determine how Internet Explorer should treat an object. It is possible to bypass the buffer checks on the input to the \"type\" field by using a specific character and cause a buffer overflow. An attacker could create an HTML file that includes a malicious <OBJECT> tag to execute arbitrary code on the victim's machine. When a victim using a vulnerable version of IE, or other applications that use IE as their HTML interpreter, visits the malicious file (via web page, email message, file sharing, etc.), the attacker-supplied code will be executed.","impact":"Exploitation of this vulnerability may lead to the execution of arbitrary code with the privileges of the current user.","resolution":"Microsoft has released MS03-020 to resolve this issue.","workarounds":"","sysaffected":"","thanks":"Thanks to Microsoft Security and eEye Digital Security for reporting this vulnerability.","author":"This document was written by Jason A Rafail.","public":["http://www.microsoft.com/windows/ie/downloads/critical/818529/default.asp","http://www.microsoft.com/security/security_bulletins/ms03-020.asp","http://www.eeye.com/html/Research/Advisories/AD20030604.html","http://www.secunia.com/advisories/8943/"],"cveids":["CVE-2003-0344"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2003-06-04T18:38:10Z","publicdate":"2003-06-04T00:00:00Z","datefirstpublished":"2003-06-04T20:12:05Z","dateupdated":"2003-06-04T20:33:55Z","revision":13,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"18","cam_exploitation":"0","cam_internetinfrastructure":"5","cam_population":"15","cam_impact":"15","cam_easeofexploitation":"12","cam_attackeraccessrequired":"15","cam_scorecurrent":"17.465625","cam_scorecurrentwidelyknown":"18.984375","cam_scorecurrentwidelyknownexploited":"34.171875","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":17.465625,"vulnote":null}