Vulnerabilities: Microsoft Internet Explorer Multiple Vulnerabilities (Fix It)
Microsoft Internet Explorer Multiple Vulnerabilities
Release Date: 2003-08-20
Critical: Extremely critical
Impact: System access
Where: From remote
Software: Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6
Description:
Microsoft has issued a cumulative patch for Internet Explorer, which fixes multiple vulnerabilities. The worst vulnerability can lead to execution of arbitrary code on the client system via HTML emails or web sites.
1) A cross-domain vulnerability exists in the way Internet Explorer retrieves files from the cache. A malicious HTML document can exploit this to execute arbitrary script code in the My Computer Zone.
2) Internet Explorer decides whether an object is safe based on the file extension specified in the Object Data tag. A malicious person can therefore specify a file with e.g. a .html extension in Object Data, which Internet Explorer interprets as a safe file. However, when Internet Explorer retrieves the file, the Content-Type header determines how it is treated. This allows an executable file such as a .hta file to be treated as a safe file and executed silently without restrictions.
Secunia has constructed a vulnerability test, which can be used to check if you are affected by this issue:
http://www.secunia.com/MS03-032/
3) The Kill Bit will be set on the Windows Reporting Tool ActiveX control BR549.DLL. This ActiveX control contains a vulnerability which could be exploited by malicious HTML documents to execute arbitrary code.
Furthermore, a language-specific variant of the older object type tag buffer overflow vulnerability (MS03-020) has been identified and is fixed in this patch.
This update also fixes other minor issues.
The Object Data vulnerability is straightforward to exploit. In many ways this vulnerability is similar to MS01-020, which was exploited by notorious viruses like Nimda, Badtrans and Klez.
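For defenders reviewing proxy or web gateway logs, the mismatch described in item 2 (a passive-looking extension in the URL, an executable Content-Type in the response) can be checked mechanically. The following is an added example, not code from Secunia, Microsoft or eEye; the extension and Content-Type lists, the record layout and the sample records are assumptions constructed for illustration.

```python
"""Added example: flag responses whose URL extension looks passive
but whose Content-Type header names an executable type."""
import posixpath
from urllib.parse import urlparse

# Extensions a client would treat as passive content (assumed list).
PASSIVE_EXTENSIONS = {".html", ".htm", ".txt", ".gif", ".jpg", ".png"}
# Content-Types that lead to code execution on Windows (assumed list;
# application/hta corresponds to the .hta case named in the advisory).
ACTIVE_CONTENT_TYPES = {
    "application/hta",
    "application/x-msdownload",
    "application/x-msdos-program",
}

def media_type(header_value):
    """Return the bare media type, lower-cased, without parameters."""
    return header_value.split(";", 1)[0].strip().lower()

def url_extension(url):
    """Return the lower-cased extension of the URL path (query ignored)."""
    return posixpath.splitext(urlparse(url).path)[1].lower()

def is_mismatch(url, content_type):
    """True when the extension claims passive content but the header does not."""
    return (url_extension(url) in PASSIVE_EXTENSIONS
            and media_type(content_type) in ACTIVE_CONTENT_TYPES)

def find_mismatches(records):
    """Return the records (dicts with 'url' and 'content_type') that mismatch."""
    return [r for r in records if is_mismatch(r["url"], r["content_type"])]

# Constructed sample records, not real traffic.
SAMPLE_RECORDS = [
    {"url": "http://intranet.example.test/help/index.html",
     "content_type": "text/html; charset=utf-8"},
    {"url": "http://files.example.test/docs/readme.html?id=7",
     "content_type": "Application/HTA"},
    {"url": "http://files.example.test/tools/setup.hta",
     "content_type": "application/hta"},
    {"url": "http://files.example.test/img/logo.gif",
     "content_type": "application/x-msdownload; name=logo"},
]

if __name__ == "__main__":
    for record in find_mismatches(SAMPLE_RECORDS):
        print("MISMATCH", record["url"], "->", media_type(record["content_type"]))
```

The honestly labelled .hta download is not flagged; only responses where the extension and the header disagree are reported.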
Reported by / credits:
1) Yu-Arai, LAC
2) Drew Copley, eEye Digital Security
3) Greg Jones, KPMG UK
Changelog:
2003-08-21: Updated critical rating and description due to detailed information from eEye.
2003-08-22: Included link to Secunia vulnerability test.
Original Advisory:
http://www.microsoft.com/technet/security/bulletin/MS03-032.asp
http://www.eeye.com/html/Research/Advisories/AD20030820.html
Related Secunia Advisories:
Microsoft MCIWNDX.OCX ActiveX Plugin Buffer Overflow
Internet Explorer AutoScan Method Cross-Site Scripting Vulnerability
Internet Explorer Custom HTTP Error Script Injection Vulnerability
Internet Explorer XML File Cross-Site Scripting Vulnerability
Internet Explorer Exposes Sensitive Information
Posted on Monday, 25 August 2003 @ 11:15:00 UTC by phoenix22