|
Microsoft Internet Explorer Two Vulnerabilities
|
|
|
|
|
Secunia Advisory:
|
SA13203
|
|
|
Release Date:
|
2004-11-17
|
|
Last Update:
|
2005-01-07
|
|
|
Critical:
|
Moderately critical
|
|
Impact:
|
Security Bypass
Spoofing
|
|
Where:
|
From remote
|
|
Solution Status:
|
Unpatched
|
|
| Software: | Microsoft Internet Explorer 6.x
|
| | CVE reference: | CVE-2004-1331 (Secunia mirror)
|
|
|
This advisory is currently marked as unpatched!
- Companies can be alerted when a patch is released! |
|
|
Description:
cyber flash has discovered two vulnerabilities in Internet Explorer, which can be exploited by malicious people to bypass a security feature in Microsoft Windows XP SP2 and trick users into downloading malicious files.
1) Microsoft Windows XP SP2 has a security feature, which warns users when opening downloaded files of certain types. The problem is that if the downloaded file was sent with a specially crafted "Content-Location" HTTP header or referenced using a specially crafted URL, then in some situations, no security warning will be displayed when the file is opened.
2) An error when saving some documents using the Javascript function "execCommand()" can be exploited to spoof the file extension in the "Save HTML Document" dialog.
Successful exploitation requires that the option "Hide extension for known file types" is enabled (default setting).
A combination of vulnerabilities 1 and 2 can be exploited by a malicious web site to trick a user into downloading a malicious executable file masqueraded as a HTML document.
The vulnerabilities have been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2.
Solution:
Disable Active Scripting support and the "Hide extension for known file types" option.
Provided and/or discovered by:
cyber flash
Changelog:
2004-11-18: Updated "Description" section with additional information.
2004-12-20: Added link to US-CERT vulnerability note.
2005-01-07: Added CVE reference.
Other References:
US-CERT VU#743974:
http://www.kb.cert.org/vuls/id/743974
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
131 Related Secunia Security Advisories, displaying 10
|
|
|
1. Internet Explorer 6 Window "location" Handling Vulnerability
|
|
2. Internet Explorer "substringData()" Memory Corruption Vulnerability
|
|
3. Internet Explorer "Print Table of Links" Cross-Zone Scripting
|
|
4. Internet Explorer HTTP Request Smuggling/Splitting Vulnerabilities
|
|
5. Internet Explorer FTP Command Injection Vulnerability
|
|
6. Microsoft Internet Explorer Multiple Vulnerabilities
|
|
7. Internet Explorer Multiple Code Execution Vulnerabilities
|
|
8. Microsoft Web Proxy Auto-Discovery Feature Security Issue
|
|
9. Internet Explorer Data Stream Handling Vulnerability
|
|
10. Internet Explorer Unspecified Address Bar Spoofing Vulnerability
|
Show all related advisories
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
