|
Microsoft Internet Explorer Multiple Vulnerabilities
|
|
|
|
|
Secunia Advisory:
|
SA9711
|
|
|
Release Date:
|
2003-09-11
|
|
Last Update:
|
2004-02-09
|
|
|
Critical:
|
Extremely critical
|
|
Impact:
|
Cross Site Scripting
Exposure of sensitive information
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6.x
|
|
|
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS! |
|
|
Description:
Multiple vulnerabilities have been identified in Microsoft Internet Explorer. Some could expose sensitive information others may lead to execution of arbitrary code.
1) File-protocol proxy / WsOpenFileJPU
A malicious site may retrieve cookie information from other sites by opening them in the "_search" window. This information may then be retrieved using the file protocol. It is believed that this could also be exploited to execute arbitrary code in the context of the other domain including the local security zone.
2) NavigateAndFind protocol history / NAFjpuInHistory
It is possible to retrieve information and execute JavaScript in the context of other sites using the "history.back" function. This may also affect the local security zone.
3) window.open search injection / WsFakeSrc
It is possible to open different sites using "window.open" and access information and execute JavaScript in this window at any given time. This may also affect the local security zone.
4) NavigateAndFind file proxy / NAFfileJPU
A combination of the file protocol and the NavigateAndFind function allows malicious sites to access information and execute code in a different window and domain. This may also affect the local security zone.
5) Timed history injection / BackMyParent2
It is possible to access information from a site loaded in a different frame and domain using the "history.back" function.
6) history.back method caching / RefBack
This is a variant of 5) BackMyParent also allowing a site to access information from a different frame and domain.
7) Click hijacking / HijackClick
This allows malicious sites to trick users into performing actions like drag'n'drop a resource from one place to another without their knowledge. An example has been provided allowing sites to add links to "Favorites". However, resources need not be links and the destination could be different than "Favorites".
Issues 1-7 have been reported by Liu Die Yu and affect Internet Explorer with all patches. Several other issues have also been published. These however, affect Internet Explorer without all patches installed. Thus, they are not considered relevant as they to some extent are related to previously fixed vulnerabilities.
Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, using the Network Software Inspector.
Solution:
The vulnerabilities seem to have been fixed at some point by the latest Service Packs and patches.
Provided and/or discovered by:
Discovered and published by Liu Die Yu.
Additional information by Thor Larholm.
Sample exploit by jelmer.
Changelog:
2003-10-08: Another exploit similar to an exploit by jelmer has been released. Secunia has changed the rating to extremely critical. Certain sites claim this to be another case of an inadequate Microsoft patch - this is not the case. The mentioned issues have not yet been patched.
2004-02-09: Updated "Solution" section.
Original Advisory:
http://safecenter.net/liudieyu/WsOpenFileJPU/WsOpenFileJPU-Content.HTM
http://safecenter.net/liudieyu/NAFjpuInHistory/NAFjpuInHistory-Content.HTM
http://safecenter.net/liudieyu/WsFakeSrc/WsFakeSrc-Content.HTM
http://safecenter.net/liudieyu/NAFfileJPU/NAFfileJPU-Content.HTM
http://safecenter.net/liudieyu/BackMyParent2/BackMyParent2-Content.HTM
http://safecenter.net/liudieyu/RefBack/RefBack-Content.HTM
http://safecenter.net/liudieyu/HijackClick/HijackClick-Content.HTM
Other References:
SA10192:
http://secunia.com/advisories/10192/
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
133 Related Secunia Security Advisories, displaying 10
|
|
|
1. Internet Explorer 6 Window "location" Handling Vulnerability
|
|
2. Internet Explorer "substringData()" Memory Corruption Vulnerability
|
|
3. Internet Explorer "Print Table of Links" Cross-Zone Scripting
|
|
4. Internet Explorer HTTP Request Smuggling/Splitting Vulnerabilities
|
|
5. Internet Explorer FTP Command Injection Vulnerability
|
|
6. Microsoft Internet Explorer Multiple Vulnerabilities
|
|
7. Internet Explorer Multiple Code Execution Vulnerabilities
|
|
8. Microsoft Web Proxy Auto-Discovery Feature Security Issue
|
|
9. Internet Explorer Data Stream Handling Vulnerability
|
|
10. Internet Explorer Unspecified Address Bar Spoofing Vulnerability
|
Show all related advisories
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
