4 NEW VULNERABILITIES DISCOVERED BY SECUNIA!


G

Guest

Secunia Advisory: SA12048


TITLE:
Microsoft Internet Explorer Multiple Vulnerabilities

SECUNIA ADVISORY ID:
SA12048

RELEASE DATE:
2004-07-13

VERIFY ADVISORY:
http://secunia.com/advisories/12048/

CRITICAL:
Extremely critical

WHERE:
From remote

IMPACT:
Security Bypass
Spoofing
System access

SOFTWARE:
Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6

DESCRIPTION:
Paul has reported some vulnerabilities in Internet Explorer, allowing malicious people to bypass security restrictions and potentially compromise a vulnerable system.

1) It is possible to redirect a function to another function with the same name, which allows a malicious website to access the function without the normal security restrictions.

Successful exploitation allows execution of arbitrary script code in the context of another website. This could potentially allow execution of arbitrary code in other security zones too.

2) Malicious sites can trick users into performing actions like drag'n'drop or click on a resource without their knowledge. An example has been provided, which allows sites to add links to "Favorites". However, resources need not be links and the destination could be different than "Favorites".

This issue is a variant of an issue discovered by Liu Die Yu.
SA9711

http-equiv has posted a PoC (Proof of Concept), which combined with the inherently insecure Windows "shell:" functionality, can be exploited to compromise a vulnerable system.

3) It is possible to inject arbitrary script code into Channel links in Favorites, which will be executed when the Channel is added. The script code is executed in Local Security Zone context.

4) It is possible to place arbitrary content above any other window and dialog box using the "Window.createPopup()" function. This can be exploited to "alter" the appearance of dialog boxes and other windows.

Successful exploitation may potentially cause users to open harmful files or do other harmful actions without knowing it.

An additional issue allowing malicious sites to inject script into the Local Security Zone using anchor references has also been reported to affect Internet Explorer 6 running on Windows XP SP2 (release candidate / beta). This issue could not be confirmed on a fully patched Windows XP SP1 system.

Issues 1-4 has been confirmed on a fully patched system with Internet Explorer 6 and Microsoft Windows XP SP1.

Previous versions of Internet Explorer may also be affected.


SOLUTION:
Disable Active Scripting.

Use another product.


REPORTED BY CREDITS:
1-3) Discovered by Paul (greyhats).
4) Originally discovered by Georgi Guninski.


OTHER REFERENCES:
SA9711:
http://secunia.com/advisories/9711/



Secunia Advisory: SA12048
 
Ad

Advertisements


Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top