Home | Community | Message Board


Marijuana Demystified
Please support our sponsors.

General Interest >> Science and Technology

Welcome to the Shroomery Message Board! You are experiencing a small sample of what the site has to offer. Please login or register to post messages and view our exclusive members-only content. You'll gain access to additional forums, file attachments, board customizations, encrypted private messages, and much more!

Jump to first unread post. Pages: 1
Offlinedarkfly
LysergicExperimenter

Registered: 09/17/01
Posts: 1,169
Last seen: 1 year, 11 months
Multiple Internet Explorer Vulnerabilities
    #2885482 - 07/13/04 12:18 PM (13 years, 12 days ago)


This Was Published Today, the 13th
Full Story can be found here

Paul has reported some vulnerabilities in Internet Explorer, allowing malicious people to bypass security restrictions and potentially compromise a vulnerable system.

1) It is possible to redirect a function to another function with the same name, which allows a malicious website to access the function without the normal security restrictions.

Successful exploitation allows execution of arbitrary script code in the context of another website. This could potentially allow execution of arbitrary code in other security zones too.

2) Malicious sites can trick users into performing actions like drag'n'drop or click on a resource without their knowledge. An example has been provided, which allows sites to add links to "Favorites". However, resources need not be links and the destination could be different than "Favorites".

This issue is a variant of an issue discovered by Liu Die Yu.
SA9711

http-equiv has posted a PoC (Proof of Concept), which combined with the inherently insecure Windows "shell:" functionality, can be exploited to compromise a vulnerable system.

3) It is possible to inject arbitrary script code into Channel links in Favorites, which will be executed when the Channel is added. The script code is executed in Local Security Zone context.

4) It is possible to place arbitrary content above any other window and dialog box using the "Window.createPopup()" function. This can be exploited to "alter" the appearance of dialog boxes and other windows.

Successful exploitation may potentially cause users to open harmful files or do other harmful actions without knowing it.

An additional issue allowing malicious sites to inject script into the Local Security Zone using anchor references has also been reported to affect Internet Explorer 6 running on Windows XP SP2 (release candidate / beta). This issue could not be confirmed on a fully patched Windows XP SP1 system.

Issues 1-4 has been confirmed on a fully patched system with Internet Explorer 6 and Microsoft Windows XP SP1.

Previous versions of Internet Explorer may also be affected.

Solution:
Disable Active Scripting.

Use another product.


--------------------
Everything Is Blue In This World. The Deepest Shade Of Mushroom Blue.


Post Extras: Print Post  Remind Me! Notify Moderator
OfflineDF2K
Me.
Male User Gallery

Registered: 06/01/02
Posts: 5,826
Loc: The land before time
Last seen: 3 years, 6 months
Re: Multiple Internet Explorer Vulnerabilities [Re: darkfly]
    #2886579 - 07/13/04 05:06 PM (13 years, 12 days ago)

Internet explorer is and always will be buggy (it will never change, lol), so i either use firefox or opersa for my web browsing need


Post Extras: Print Post  Remind Me! Notify Moderator
OfflineDF2K
Me.
Male User Gallery

Registered: 06/01/02
Posts: 5,826
Loc: The land before time
Last seen: 3 years, 6 months
Re: Multiple Internet Explorer Vulnerabilities [Re: darkfly]
    #2886581 - 07/13/04 05:06 PM (13 years, 12 days ago)

Internet explorer is and always will be buggy (it will never change, lol), so i either use firefox or opera for my web browsing need


Post Extras: Print Post  Remind Me! Notify Moderator
Offlinemycoguy
old hand

Registered: 03/25/04
Posts: 874
Loc: PNW
Last seen: 6 years, 9 months
Re: Multiple Internet Explorer Vulnerabilities [Re: DF2K]
    #2889602 - 07/14/04 02:41 PM (13 years, 11 days ago)

exactly the reason I have Windows Update set to AUTO.


--------------------

(and no, that's not me in the avatar)
Yahoo! Pacific Northwest Mycology Group


Post Extras: Print Post  Remind Me! Notify Moderator
OfflineOoze
Oozalicious

Registered: 06/03/03
Posts: 80
Loc: FL
Last seen: 12 years, 1 month
Re: Multiple Internet Explorer Vulnerabilities [Re: darkfly]
    #2891846 - 07/15/04 01:40 AM (13 years, 11 days ago)

yeah i like firefox a lot. Always keep windows updated...a lot of virus's recently have come from people making them After a vulnerability has been documented and fixed. The reason that some of these virus's have spread and caused the damage they have is becuase many people dont update their computers!


Post Extras: Print Post  Remind Me! Notify Moderator
InvisibleLe_Canard
The Duk Abides

Registered: 05/17/03
Posts: 94,373
Loc: Earthfarm 1 Flag
Re: Multiple Internet Explorer Vulnerabilities [Re: Ooze]
    #2892060 - 07/15/04 03:01 AM (13 years, 11 days ago)

Quote:

Ooze said:
yeah i like firefox a lot.  Always keep windows updated...a lot of virus's recently have come from people making them After a vulnerability has been documented and fixed.  The reason that some of these virus's have spread and caused the damage they have is becuase many people dont update their computers!




Absolutely! :thumbup: So keep that puppy updated! :laugh:


Post Extras: Print Post  Remind Me! Notify Moderator
InvisibleLe_Canard
The Duk Abides

Registered: 05/17/03
Posts: 94,373
Loc: Earthfarm 1 Flag
Re: Multiple Internet Explorer Vulnerabilities [Re: Le_Canard]
    #2892145 - 07/15/04 03:45 AM (13 years, 11 days ago)

And speaking of which, there are some new updates on the M$ site.


Post Extras: Print Post  Remind Me! Notify Moderator
OfflineAhronZombi
AhronZombi

Registered: 04/06/04
Posts: 1,265
Loc: NY
Last seen: 3 years, 2 months
Re: Multiple Internet Explorer Vulnerabilities [Re: darkfly]
    #2892308 - 07/15/04 05:43 AM (13 years, 11 days ago)

the updates arnt a solution MS finds and fixes problems way too slow due to their closed source setup. many many people are exploited before their is a fix usually and their developers dont fix problems 24/7 thats why the only solution is open source. im glad a number of companys are now backing newer mozilla developement trying to make it the standard. also many companys are moving away from IE . this should have been done long ago. and while they are at it move away from the os as well


--------------------
[url=http://kratom.tcotu.net Low Priced, High Quality Kratom[/url]


Post Extras: Print Post  Remind Me! Notify Moderator
Jump to top. Pages: 1

General Interest >> Science and Technology

Similar ThreadsPosterViewsRepliesLast post
* deleting browser toolbar messed up internet explorer zorbman 796 7 04/07/06 02:03 PM
by kaniz
* Question about Internet Explorer deranger 739 15 02/10/09 04:44 PM
by Seuss
* Internet Explorer 7 Question. Newbie 703 6 05/21/07 06:51 PM
by Newbie
* internet explorer 7 KingOftheThing 503 5 07/10/06 08:02 PM
by RuNE
* Serious Firefox Bug Fixed... Serious IE Bug Not DiploidM 914 2 07/22/07 09:14 AM
by wiggles
* Mozilla Patches 13 Firefox Security Flaws, Eight Critical DiploidM 798 2 07/28/06 01:34 PM
by Vvellum
* Why use Firefox?
( 1 2 all )
Smallworlds 4,017 28 05/14/05 12:05 PM
by Vvellum
* New Firefox Vulnerability DiploidM 1,595 9 02/28/07 05:35 PM
by OJK

Extra information
You cannot start new topics / You cannot reply to topics
HTML is disabled / BBCode is enabled
Moderator: Lana, trendal, automan
931 topic views. 0 members, 3 guests and 1 web crawlers are browsing this forum.
[ Toggle Favorite | Print Topic | Stats ]
Search this thread:
The Spore Depot
Please support our sponsors.

Copyright 1997-2017 Mind Media. Some rights reserved.

Generated in 0.037 seconds spending 0.008 seconds on 19 queries.