Window.External JScript Vulnerability in Internet Explorer 4.0

A buffer overflow exists in the JScript Scripting Engine that could cause Internet Explorer to crash when it encounters a web page that uses JScript script to invoke the Window.External function with a very long string.

Issue

Microsoft Internet Explorer 4.0, 4.01, and 4.01 SP1 use the JScript Scripting Engine version 3.1 to process scripts on a Web page. When Internet Explorer encounters a web page that uses JScript script to invoke the Window.External function with a very long string, Internet Explorer could terminate.

Long strings do not normally occur in scripts and must be intentionally created by someone with malicious intent. A skilled hacker could use this malicious script message to run arbitrary computer code contained in the long string.

In order for users to be affected by this problem, they must visit a Web site that was intentionally designed to include a malicious script.

Affected Products

• Internet Explorer 4.0, 4.01 and 4.01 SP1 on Windows 95, 98 & NT 4.0

Solution

Users using the affected version of Internet Explorer should either upgrade to the current version or download the current version of the Windows Script engine from http://www.microsoft.com/msdownload/vbscript/scripting.asp.

Further Details

Source: Microsoft Corporation

Reference: Microsoft Corporation

Updated: August 17, 1998

>> Recommended Download - secure your PC from spyware, adware and malware now with Spyware Doctor <<