IBM Security Host Protection for Servers (Unix), IBM Security Network Protection, Proventia Server IPS for Linux technology, Virtual Server Protection for Vmware, Proventia Network MFS, IBM Security Host Protection for Servers (Windows), RealSecure Server Sensor, Proventia-G 1.1 and earlier, Proventia Network IDS, Proventia Network IPS, IBM Security Host Protection for Desktops:
This event triggers when an MHTML request references a local filesystem file and an overflow is present in the URL.
Checks for a malformed MHTML request.
High
IBM Security Host Protection for Servers (Unix): 2.2.2, IBM Security Network Protection: 5.1, Proventia Server IPS for Linux technology: 1.81, Virtual Server Protection for Vmware: 1.0, Proventia Network MFS: XPU 1.81, IBM Security Host Protection for Servers (Windows): 2.1.14.2400, RealSecure Server Sensor: XPU 24.42, IBM Security Host Protection for Servers (Windows): 1.0.914.1820, Proventia-G 1.1 and earlier: XPU 24.42, Proventia Network IDS: XPU 24.42, Proventia Network IPS: XPU 1.81, IBM Security Host Protection for Desktops: 1820
Microsoft Windows XP: SP2, Microsoft Windows 2003 Server: SP1 Itanium, Microsoft Windows XP: x64 Professional, Microsoft Windows 2003 Server: SP1, Microsoft Windows 2003 Server: x64, Microsoft Internet Explorer: 6.0
Denial of Service
Microsoft Internet Explorer is vulnerable to a buffer overflow in the inetcomm.dll file. By creating an overly long mhtml:mid: URL, a remote attacker could overflow a buffer and cause a victim's browser to crash or possibly execute arbitrary code on the victim's system, if the attacker could persuade the victim to click the malicious URL.
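The check this signature describes can be approximated over proxy logs or saved HTML, shown here as an added example that is not IBM's signature logic or code from this advisory. The 256-character threshold, the function and field names, and the sample lines are assumptions constructed for illustration; the advisory itself only says "overly long".

```python
import re
from urllib.parse import unquote

# Assumed threshold: the advisory gives no number, so tune this per environment.
MAX_MHTML_URL_LEN = 256

# A candidate URL token ends at whitespace, a quote or an angle bracket.
TOKEN = re.compile(r"[^\s\"'<>]+")
# mhtml: followed by file:, a drive letter path, or a UNC path.
LOCAL_FILE = re.compile(r"mhtml:(file:|[a-z]:[\\/]|\\\\)", re.IGNORECASE)


def scan_line(line, max_len=MAX_MHTML_URL_LEN):
    """Return one finding per mhtml: URL found in a line of log or HTML text."""
    findings = []
    for token in TOKEN.findall(line):
        # Decode percent-escapes per token so an encoded scheme is still seen.
        decoded = unquote(token)
        start = decoded.lower().find("mhtml:")
        if start < 0:
            continue
        url = decoded[start:]
        mid = url.lower().startswith("mhtml:mid:")
        local_file = LOCAL_FILE.match(url) is not None
        overlong = len(url) > max_len
        findings.append({
            "length": len(url),
            "mid": mid,
            "local_file": local_file,
            "overlong": overlong,
            # Alert only on the combination the advisory describes.
            "alert": overlong and (mid or local_file),
        })
    return findings


# Constructed sample input, not captured traffic.
SAMPLES = [
    "GET /index.html HTTP/1.1",
    '<a href="mhtml:file://C:/docs/saved.mht!page.htm">',
    '<a href="mhtml:mid:' + "x" * 600 + '">',
    "GET /r?u=%6Dhtml:mid:" + "x" * 600,
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample[:50], scan_line(sample))
```

Short `mhtml:` references to saved archives are reported but not alerted on, which keeps legitimate .mht links from producing noise.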
Apply the appropriate patch for your system, as listed in the latest Microsoft Security Bulletin. See References.
— OR —
Use Microsoft Automatic Update if it is supported by your operating system. The original bulletin issued by Microsoft has been superseded.
BugTraq Mailing List, Wed May 31 2006 - 15:12:01 CDT
Internet explorer Vulnerbility (sp)
http://archives.neohapsis.com/archives/bugtraq/2006-05/0695.html
Microsoft Security Bulletin MS06-043
Vulnerability in Microsoft Windows Could Allow Remote Code Execution (920214)
http://www.microsoft.com/technet/security/bulletin/ms06-043.mspx
US-CERT Technical Cyber Security Alert TA06-220A
Microsoft Windows, Office, and Internet Explorer Vulnerabilities
http://www.us-cert.gov/cas/techalerts/TA06-220A.html
US-CERT Vulnerability Note VU#891204
Microsoft Windows fails to properly parse the MHTML protocol
http://www.kb.cert.org/vuls/id/891204
Microsoft Security Bulletin MS06-076
Cumulative Security Update for Outlook Express (923694)
http://www.microsoft.com/technet/security/Bulletin/MS06-076.mspx
Microsoft Security Bulletin MS07-056
Security Update for Outlook Express and Windows Mail (941202)
http://www.microsoft.com/technet/security/Bulletin/ms07-056.mspx
Microsoft Security Bulletin MS08-048
Security Update for Outlook Express and Windows Mail (951066)
http://www.microsoft.com/technet/security/bulletin/ms08-048.mspx
Microsoft Security Bulletin MS10-030
Vulnerability in Outlook Express and Windows Mail Could Allow Remote Code Execution (978542)
http://www.microsoft.com/technet/security/bulletin/ms10-030.mspx
ISS X-Force
Microsoft Internet Explorer mhtml://mid URL buffer overflow
http://www.iss.net/security_center/static/26810.php
CVE
CVE-2006-2766
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2766