• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Microsoft Internet Explorer Plugin.OCX EnableFullPage Input Validation Vulnerability

Microsoft Internet Explorer 'plugin.ocx' has been reported prone to an input validation vulnerability in some configurational circumstances.

It has been reported that due to insufficient sanitization performed on the EnableFullPage parameter that can be supplied by a third-party file type, an attacker may inject arbitrary script code which is then executed by Internet Explorer. The code is executed when a malicious URL to a third-party file is followed.

Exploitation of this issue is dependant on a third-party Internet Explorer plugin being installed on the vulnerable system.

Microsoft initially reported this vulnerability as a single issue within Plugin.ocx, however, there are in fact two separate issues that were fixed. The other vulnerability is described in BID 7420.