Microsoft Internet Explorer "window()" Arbitrary Code Execution Vulnerability

Secunia Advisory: SA15546
Release Date: 2005-05-31
Last Update: 2005-12-13
Critical: Extremely critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: Microsoft Internet Explorer 5.5, Microsoft Internet Explorer 6.x
CVE reference: CVE-2005-1790

Description: Benjamin Tobias Franz has discovered a vulnerability in Internet Explorer, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused by certain objects not being initialized correctly when the "window()" function is used in conjunction with the "<body onload>" event. This can be exploited to execute arbitrary code on a vulnerable browser via specially crafted JavaScript code that is called directly when a site has been loaded.
Example:
<body onload="window();">
Successful exploitation requires that the user is, for example, tricked into visiting a malicious website.
The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2, and Internet Explorer 6.0 and Microsoft Windows 2000 SP4.
Note: A PoC exploit has been released for this vulnerability.
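Added example (not part of the Secunia advisory and not vendor code): a static heuristic, suitable for a content filter or page audit, that flags pages whose inline "<body onload>" handler calls "window()", the pattern described above. The function names and sample pages are constructed for illustration, and the check covers only the inline attribute form shown in the advisory.

```javascript
// Added example, not Secunia or vendor code. Function names are hypothetical.
// Decode numeric character references and a few named ones, so that
// onload="window&#40;&#41;" is read the way an HTML parser would read it.
function decodeCharRefs(s) {
  const named = { quot: '"', apos: "'", amp: "&", lt: "<", gt: ">", lpar: "(", rpar: ")" };
  return s.replace(/&(#x[0-9a-f]+|#[0-9]+|[a-z]+);?/gi, (m, ref) => {
    if (ref[0] !== "#") {
      const k = ref.toLowerCase();
      return Object.prototype.hasOwnProperty.call(named, k) ? named[k] : m;
    }
    const hex = ref[1].toLowerCase() === "x";
    const cp = parseInt(ref.slice(hex ? 2 : 1), hex ? 16 : 10);
    return cp > 0 && cp <= 0x10ffff ? String.fromCodePoint(cp) : m;
  });
}

// Return one finding per <body> tag whose inline onload handler calls window().
function findOnloadWindowCalls(html) {
  const findings = [];
  // Quote-aware tag match, so a ">" inside an attribute value does not end the tag.
  const bodyTag = /<body\b((?:"[^"]*"|'[^']*'|[^>"'])*)>/gi;
  const onloadAttr = /(?:^|[\s\/])onload\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/i;
  let tag;
  while ((tag = bodyTag.exec(html)) !== null) {
    const attr = onloadAttr.exec(tag[1]);
    if (!attr) continue;
    const raw = attr[1] ?? attr[2] ?? attr[3];
    // Drop block comments, then look for a call on the bare identifier "window"
    // (window.open(...) and mywindow() must not match).
    const code = decodeCharRefs(raw).replace(/\/\*[\s\S]*?\*\//g, " ");
    if (/(?:^|[^\w$])window\s*\(/.test(code)) {
      findings.push({ offset: tag.index, handler: raw });
    }
  }
  return findings;
}

// Constructed sample pages: the advisory's example, an encoded variant, a benign page.
const samples = [
  '<html><body onload="window();"></body></html>',
  "<HTML><BODY class=x OnLoad='init(); window&#40;&#x29;'></BODY></HTML>",
  '<html><body onload="window.open(\'help.html\')"></body></html>',
];
for (const page of samples) {
  console.log(findOnloadWindowCalls(page).map((f) => f.handler));
}
```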
Solution: Apply patches.
For details:
SA15368
Provided and/or discovered by:
Originally reported by: Benjamin Tobias Franz
Code Execution PoC by: S. Pearson, Computer Terrorism (UK)
Changelog:
2005-06-01: Added Microsoft Internet Explorer 5.5 as affected software.
2005-06-02: Added CVE reference.
2005-11-21: PoC exploit released. Escalated criticality.
2005-11-22: Added links to original advisories and US-CERT vulnerability note.
2005-12-13: Vendor releases patches. Updated solution.
Original Advisory:
S. Pearson:
http://www.computerterrorism.com/research/ie/ct21-11-2005
Microsoft (KB911302):
http://www.microsoft.com/technet/security/advisory/911302.mspx
http://support.microsoft.com/kb/911302
MS05-054 (KB905915):
http://www.microsoft.com/technet/security/Bulletin/MS05-054.mspx
Other References:
US-CERT VU#887861:
http://www.kb.cert.org/vuls/id/887861
SA15368:
http://secunia.com/advisories/15368/
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.