TechSpot

Welcome to TechSpot     
Join now  |  Login  | About     

Home Reviews Guides Downloads Drivers Forums
TechSpot Pricewatch TechSpot Hot Deals
Windows Startup Radar Tips & Tricks (blog) Guides & Tweaks Windows updates
News Archive TechSpot Blog TechSpot RSS Feeds User Picture Gallery Techspot's IRC# (Chat) TechSpot in Spanish
 

RIM announces the BlackBerry Bold, $150M development fund
Weekend tech reading (5.10)
Microsoft appeals record European Commission fine
MPAA demands $15.4 million from The Pirate Bay
News from around the web (05/09/08)
Issues with XP SP3 plague many
View last 50 headlines
View last commented

Avant Browser 11.6 Beta 13
Reaper 2.206
AVG Anti-Virus Updates May 9, 2008
Trend Micro Pattern File for Windows 5.267.00
Ashampoo WinOptimizer 5.04
J. River Media Center 12.0.494
Super Utilities Pro 2008 8.0.1988
More Downloads

ASRock K10N78hSLI-WiFi Bios v 1.00
ASRock K10N78hSLI-WiFi Bios v 1.00 for DOS
ASRock K10N78hSLI-GLAN Bios v 1.00
ASRock K10N78hSLI-GLAN Bios v 1.00 for DOS
ASRock ALiveDual-eSATA2 Bios v 1.30
Latest 50 drivers



Make homepage

Add to Favorites

IRC #3dspotlight

TS in Spanish

 
MHT Buffer Overflow in Internet Explorer
By TS | Thomas, TechSpot.com
Published: March 23, 2003, 3:22 PM EST




SUMMARY:
IE5 introduced the new 'Web Archive' format for storing web pages, which have the extension MHT. The 'Web Archive' saves a web page as a single document complete with all images. The format is a standard mime/multipart e-mail message, a mime decoding program such as 7bit, 8bit & Base 64 decoder should be able to turn it into something usable with your OS & browser of choice.

This format is pretty nifty & usable, however, there is a potential security breach found when used with encoded executable along with malformed MIME header in the 'Web Archive'. If the encode data is executable or has a single word "MZP" encoded within & Content-Type is not designated, IE5 will be terminated by critical buffer overflow. Consequently, one could compromise the client pc by executing malicious code in the memory.

AFFECTED SYSTEM:
Microsoft Internet Explorer 5.5 & 6.0; prior versions are not vulnerable.

WORKAROUND:
Currently none available.

Would you like to know more? Thanks PIVX.

2 user comments so far.

 

[ There are 2 additional user comments, Post a Comment | Send to a friend ]

Posted by warr on March 23, 2003 at 7:39 PM
these days, so many security patches. :blackeye:

Posted by TS | Thomas on March 24, 2003 at 10:29 AM
Unfortunately not :( Microsoft seems to take forever to get around to some things & others they say, well, no by our definition it requires too much interaction to be a security risk. Bah. If you want security Opera seems to have a great record, they actually fix things.

Please login or register to submit your comment.

Upon registering you will gain complete access to the TechSpot community and join the thousands of computer and technology enthusiasts that share knowledge in our forum. You will be able to post messages, get a private inbox, upload your own photo gallery and more.

Add your comment:

Disable smilies in this post.
Disable block tag code.
Add [url] tag at URLs.


  TechSpot Pricewatch - Computer & Electronics Prices updated everyday

-
Search:    for    

You can also browse through categories in our online price guide, among the available categories: Retail & OEM Processors - Video Cards - Motherboards - Memory - Soundcards - Hard Drives - Monitors - Printers - DVDs - CD-RWs - PDAs and more !

  TechSpot  The PC Enthusiast Resource    |    News    |    Reviews    |    Guides    |    Downloads    |    Drivers    |    Forums    |    Pricewatch    |    News Archive    |    RSS Feeds

  Our Blog    |    Tech Deals    |   vb Sitemap    |    User Gallery    |    Startup Radar    |    Icons by Foood    |    Powered by StoryTeller    |    TechSpot in Spanish


  Copyright © 1998-2008 TechSpot.com. TechSpot is a registered trademark. All Rights Reserved. Privacy policy.

Advertising | About TechSpot