|
darkfly
LysergicExperimenter

Registered: 09/16/01
Posts: 1,169
Last seen: 8 years, 5 months
|
Multiple Internet Explorer Vulnerabilities
#2885482 - 07/13/04 10:18 AM (19 years, 6 months ago) |
|
|
This Was Published Today, the 13th Full Story can be found here
Paul has reported some vulnerabilities in Internet Explorer, allowing malicious people to bypass security restrictions and potentially compromise a vulnerable system.
1) It is possible to redirect a function to another function with the same name, which allows a malicious website to access the function without the normal security restrictions.
Successful exploitation allows execution of arbitrary script code in the context of another website. This could potentially allow execution of arbitrary code in other security zones too.
2) Malicious sites can trick users into performing actions like drag'n'drop or click on a resource without their knowledge. An example has been provided, which allows sites to add links to "Favorites". However, resources need not be links and the destination could be different than "Favorites".
This issue is a variant of an issue discovered by Liu Die Yu. SA9711
http-equiv has posted a PoC (Proof of Concept), which combined with the inherently insecure Windows "shell:" functionality, can be exploited to compromise a vulnerable system.
3) It is possible to inject arbitrary script code into Channel links in Favorites, which will be executed when the Channel is added. The script code is executed in Local Security Zone context.
4) It is possible to place arbitrary content above any other window and dialog box using the "Window.createPopup()" function. This can be exploited to "alter" the appearance of dialog boxes and other windows.
Successful exploitation may potentially cause users to open harmful files or do other harmful actions without knowing it.
An additional issue allowing malicious sites to inject script into the Local Security Zone using anchor references has also been reported to affect Internet Explorer 6 running on Windows XP SP2 (release candidate / beta). This issue could not be confirmed on a fully patched Windows XP SP1 system.
Issues 1-4 has been confirmed on a fully patched system with Internet Explorer 6 and Microsoft Windows XP SP1.
Previous versions of Internet Explorer may also be affected.
Solution: Disable Active Scripting.
Use another product.
-------------------- Everything Is Blue In This World. The Deepest Shade Of Mushroom Blue.
|
DF2K
Me.


Registered: 06/01/02
Posts: 5,826
Loc: The land before time
Last seen: 10 years, 1 month
|
Re: Multiple Internet Explorer Vulnerabilities [Re: darkfly]
#2886579 - 07/13/04 03:06 PM (19 years, 6 months ago) |
|
|
Internet explorer is and always will be buggy (it will never change, lol), so i either use firefox or opersa for my web browsing need
|
DF2K
Me.


Registered: 06/01/02
Posts: 5,826
Loc: The land before time
Last seen: 10 years, 1 month
|
Re: Multiple Internet Explorer Vulnerabilities [Re: darkfly]
#2886581 - 07/13/04 03:06 PM (19 years, 6 months ago) |
|
|
Internet explorer is and always will be buggy (it will never change, lol), so i either use firefox or opera for my web browsing need
|
mycoguy
old hand

Registered: 03/25/04
Posts: 874
Loc: PNW
Last seen: 13 years, 3 months
|
Re: Multiple Internet Explorer Vulnerabilities [Re: DF2K]
#2889602 - 07/14/04 12:41 PM (19 years, 6 months ago) |
|
|
exactly the reason I have Windows Update set to AUTO.
--------------------
(and no, that's not me in the avatar) Yahoo! Pacific Northwest Mycology Group
|
Ooze
Oozalicious

Registered: 06/03/03
Posts: 80
Loc: FL
Last seen: 18 years, 7 months
|
Re: Multiple Internet Explorer Vulnerabilities [Re: darkfly]
#2891846 - 07/14/04 11:40 PM (19 years, 6 months ago) |
|
|
yeah i like firefox a lot. Always keep windows updated...a lot of virus's recently have come from people making them After a vulnerability has been documented and fixed. The reason that some of these virus's have spread and caused the damage they have is becuase many people dont update their computers!
|
Le_Canard
The Duk Abides

Registered: 05/16/03
Posts: 94,392
Loc: Earthfarm 1
|
Re: Multiple Internet Explorer Vulnerabilities [Re: Ooze]
#2892060 - 07/15/04 01:01 AM (19 years, 6 months ago) |
|
|
Quote:
Ooze said: yeah i like firefox a lot. Always keep windows updated...a lot of virus's recently have come from people making them After a vulnerability has been documented and fixed. The reason that some of these virus's have spread and caused the damage they have is becuase many people dont update their computers!
Absolutely! So keep that puppy updated!
|
Le_Canard
The Duk Abides

Registered: 05/16/03
Posts: 94,392
Loc: Earthfarm 1
|
Re: Multiple Internet Explorer Vulnerabilities [Re: Le_Canard]
#2892145 - 07/15/04 01:45 AM (19 years, 6 months ago) |
|
|
And speaking of which, there are some new updates on the M$ site.
|
AhronZombi
AhronZombi

Registered: 04/06/04
Posts: 1,265
|
Re: Multiple Internet Explorer Vulnerabilities [Re: darkfly]
#2892308 - 07/15/04 03:43 AM (19 years, 6 months ago) |
|
|
the updates arnt a solution MS finds and fixes problems way too slow due to their closed source setup. many many people are exploited before their is a fix usually and their developers dont fix problems 24/7 thats why the only solution is open source. im glad a number of companys are now backing newer mozilla developement trying to make it the standard. also many companys are moving away from IE . this should have been done long ago. and while they are at it move away from the os as well
|
|