|
Internet Explorer Four Vulnerabilities
|
|
Secunia Advisory:
|
SA8649
|
|
|
Release Date:
|
2003-04-23
|
|
Popularity:
|
16,091 views
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
Exposure of system information
Exposure of sensitive information
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6.x
|
|
|
Secunia CVSS-2 Score:
|
Available in Secunia business solutions 
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
|
| Advisory Content (Page 1 of 3) | [ 1 ] [ 2 ] [ 3 ] | |
|
Description:
Microsoft has issued a cumulative patch for Internet Explorer, which fixes the following four vulnerabilities:
1) A boundary error exists in "urlmon.dll" because certain parameters are checked incorrectly. A malicious person can exploit this to cause a buffer overflow on a user's system and execute arbitrary code with the privileges of the user by constructing a speciel web page and trick a user into visiting it.
2) An information disclosure vulnerability exists in the file upload control caused by a flaw in the way incoming requests for file uploads are handled. This allows input to be passed to the vulnerable control without user interaction. A malicious person can exploit this to retrieve arbitrary files from a user's system by constructing a malicious web page and luring the user into visiting it.
Successful exploitation requires that the requested file is not in use and that the malicious person knows the exact location of the file on the user's system.
3) An input validation error exists in a method for invoking third party plug-ins. The problem is that parameters of the URL used to reference a third party file type is not checked properly. A malicious person can exploit this to execute arbitrary script code on a user's system in the local computer zone by constructing a web page containing a specially crafted link to a third party file.
4) An information disclosure vulnerability exists in the way modal dialogs are rendered. Specifically, the vulnerability is caused by an input validation error because a parameter in the Cascading Style Sheet input parameter for modal dialogs is not checked properly. A malicious person can exploit this to read arbitrary files on a user's system by contructing a special web page and luring the user into visiting it.
Successful exploitation requires that the malicious person knows the exact location of the file on the user's system.
It is also possible to exploit the described vulnerabilities automatically in an email-borne attack when a user views a malicious email. However, this is not possible if the user is viewing the email in Outlook Express 6.0 or Outlook 2002 in their default configurations, or Outlook 98 or Outlook 2000 in conjunction with the Outlook Email Security Update.
NOTE: The released patch also sets the Kill Bit on the ActiveX control "plugin.ocx" and includes a fix for Internet Explorer 6.0 SP1, which corrects the way help information is displayed in the local computer zone.
Change Page:
[ 1 ] [ 2 ] [ 3 ]
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
