Microsoft update to stop remote execution

Secunia Advisory: SA7651
Release Date: 2002-12-05
Last Update: 2002-12-07
Popularity: 18,431 views
Critical: Moderately critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: Microsoft Internet Explorer 5.5, Microsoft Internet Explorer 6.x

Advisory Content (Page 1 of 3)

Description: Microsoft has acknowledged the danger of a bug which has been known for months. The problem is that a malicious webpage could execute ANY local executable. A previous update eliminated the ability to pass parameters to the executable.
However, multiple vulnerabilities with the same or worse impact are still unpatched; in other words, Internet Explorer is no less vulnerable than before.
These are the currently unpatched vulnerabilities in Microsoft Internet Explorer:
Name: dialog style Cross Site Scripting
Description: It is possible to Cross Site Script the security zones, steal cookies and monitor the user.
Name: JVM Bytecode Verifier
Description: It is possible to do anything.
Name: cross-frame dialogArguments
Description: It is possible to execute/read local files.
Name: clipboardData object caching
Description: It is possible to read and write to the clipboard.
Name: MS JVM native method vulnerabilities
Description: It is possible to execute arbitrary code.
Name: WMP Stench
Description: It is possible to save and execute files on a local system.
Name: Java XMLDSO base tag
Description: Read any local file.
Name: document.domain parent DNS resolver
Description: Improper duality check leading to firewall breach.
Name: CTRL-key file upload focus
Description: Read files, download and execution.
Name: FTP Folder View XSS
Description: It is possible to execute arbitrary commands.
Name: Self-executing HTML Help
Description: It is possible to save and execute arbitrary programs.
Name: Back Button CSS
Description: It is possible to read both files and cookies and execute arbitrary code.
Name: HELP.dropper (IE6, OE6, Outlook)
Description: It is possible to save and execute arbitrary programs.
Name: DynSrc Local File detection
Description: It is possible to locate files and read their size/date.
Name: Security zone transfer
Description: It is possible to auto-open IE and execute attachments.
Name: "script src" local file enumeration
Description: It is possible to enumerate any file on local system.

About this Secunia Advisory

Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.