
Microsoft Security Advisory - Internet Explorer

by phiber on March 7th, 2001

The IE security architecture provides a caching mechanism that is used to store content that needs to be downloaded and processed on the user's local machine. The purpose of the cache is to obfuscate the physical location of the cached content, in order to ensure that the web page or HTML e-mail will work through the IE security architecture to access the information. This ensures that the uses of the information can be properly restricted.

A vulnerability exists because it is possible for a web page or HTML e-mail to learn the physical location of cached content. Armed with this information, an attacker could cause the cached content to be opened in the Local Computer Zone. This would enable him to launch compiled HTML help (.CHM) files that contain shortcuts to executables, thereby enabling him to run the executables.



In addition to eliminating this vulnerability, the patches provided
below eliminate three other vulnerabilities that either pose
significantly less risk or could only be exploited in very
restricted situations:

- A variant of the "Frame Domain Verification" vulnerability
discussed in Microsoft Security Bulletins MS00-033, MS00-055,
and MS00-093. The vulnerability could enable a malicious web
site operator to open two browser windows, one in the web
site's domain and the other on the user's local file system,
and to pass information from the latter to the former. This
could enable the web site operator to read, but not change,
any file on the user's local computer that could be opened
in a browser window.

- A vulnerability that is identical in effect to the "Frame
Domain Verification" vulnerability, but which actually results
from a flaw in Windows Scripting Host rather than IE. Because
it could only be exploited via IE, we have provided the patch
here.

- A vulnerability that affects how Telnet sessions are invoked
via IE. By design, telnet sessions can be launched via IE.
However, a vulnerability exists because when doing so, IE will
start Telnet using any command-line options the web site
specifies. This only becomes a concern when using the version
of the Telnet client that installs as part of Services for
Unix (SFU) 2.0 on Windows NT(r) 4.0 or Windows(r) 2000
machines. The version of the Telnet client in SFU 2.0 provides
an option for creating a verbatim transcript of a Telnet
session. An attacker could start a session using the logging
option, then stream an executable file onto the user's system
in a location that would cause it to be executed automatically
the next time the user booted the machine. The flaw does not
lie in the Telnet client, but in IE, which should not allow
Telnet to be started remotely with command-line arguments.
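The Telnet item above comes down to a URL handler handing attacker-supplied text to a helper program's command line. The following is an added example, not code from the advisory or from Microsoft's patch: a handler that accepts only `telnet://host[:port]/` and builds the argument list from the validated host and port alone. The names `telnet_argv`, `is_accepted` and `RejectedURL` are hypothetical, and the sample URLs are constructed.

```python
import re
from urllib.parse import urlsplit

# One DNS label: letters/digits, inner hyphens only, so it can never start with "-".
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
_HOST_RE = re.compile(rf"{_LABEL}(?:\.{_LABEL})*")


class RejectedURL(ValueError):
    """The URL carries something other than a plain host and optional port."""


def telnet_argv(url, client="telnet"):
    """Build argv for a Telnet client from a telnet: URL, host and port only."""
    # Whitespace or control characters would let one URL split into several arguments.
    if any(ch.isspace() or ord(ch) < 0x20 or ord(ch) == 0x7F for ch in url):
        raise RejectedURL("whitespace or control character")
    try:
        parts = urlsplit(url)
        host, port = parts.hostname, parts.port  # .port raises on a bad value
    except ValueError as exc:
        raise RejectedURL(str(exc)) from exc
    if parts.scheme != "telnet":
        raise RejectedURL("not a telnet: URL")
    if "@" in parts.netloc or parts.path not in ("", "/") or parts.query or parts.fragment:
        raise RejectedURL("only telnet://host[:port]/ is accepted")
    if not host or len(host) > 253 or not _HOST_RE.fullmatch(host):
        raise RejectedURL("host is not a plain hostname or IPv4 address")
    if port is not None and not 1 <= port <= 65535:
        raise RejectedURL("port out of range")
    # Each element reaches the OS as its own argument; no shell, no raw URL text.
    return [client, host] + ([str(port)] if port is not None else [])


def is_accepted(url):
    """True if the URL would be handed to the client, False if it is refused."""
    try:
        telnet_argv(url)
        return True
    except RejectedURL:
        return False


# Constructed inputs; "-z" is a placeholder, not a real option of any Telnet client.
SAMPLES = ["telnet://host.example.test:2323/", "telnet://-z/",
           "telnet:-z%20host.example.test", "telnet://host.example.test -z"]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample!r}: {'launch' if is_accepted(sample) else 'refuse'}")
```

The returned list is meant to be passed to a process-creation call as separate arguments, never joined into a command string.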


For a quick fix, download this advisory.

Visit Microsoft Security

