Vigil@nce: Internet Explorer, code execution via substringData
June 2008 by Vigil@nce
An attacker can create a web page using the substringData() method
in order to execute code on the victim’s computer when the web site is
visited.
– Gravity: 4/4
– Consequences: user access/rights
– Provenance: internet server
– Means of attack: no proof of concept, no attack
– Ability of attacker: expert (4/4)
– Confidence: confirmed by the editor (5/5)
– Diffusion of the vulnerable configuration: high (3/3)
– Creation date: 11/06/2008
– Identifier: VIGILANCE-VUL-7882
IMPACTED PRODUCTS
Microsoft Internet Explorer [confidential versions]
DESCRIPTION
The substringData() method extracts a character string:
r = object.substringData(iOffset, iCount);
When this method is used on a modified DOM object, a heap overflow
occurs.
An attacker can therefore create a web page using the
substringData() method in order to execute code on the victim’s
computer when the web site is visited.
CHARACTERISTICS
– Identifiers: 950759, CVE-2008-1442, MS08-031, VIGILANCE-VUL-7882,
ZDI-08-039
– Url: https://vigilance.aql.fr/tree/1/7882