Multiple vulnerabilities have been identified in Microsoft Internet Explorer. Some could expose sensitive information others may lead to execution of arbitrary code.
1) File-protocol proxy / WsOpenFileJPU
A malicious site may retrieve cookie information from other sites by opening them in the "_search" window. This information may then be retrieved using the file protocol. It is believed that this could also be exploited to execute arbitrary code in the context of the other domain including the local security zone.
2) NavigateAndFind protocol history / NAFjpuInHistory
3) window.open search injection / WsFakeSrc
4) NavigateAndFind file proxy / NAFfileJPU
A combination of the file protocol and the NavigateAndFind function allows malicious sites to access information and execute code in a different window and domain. This may also affect the local security zone.
5) Timed history injection / BackMyParent2
It is possible to access information from a site loaded in a different frame and domain using the "history.back" function.
6) history.back method caching / RefBack
This is a variant of 5) BackMyParent also allowing a site to access information from a different frame and domain.
7) Click hijacking / HijackClick
This allows malicious sites to trick users into performing actions like drag'n'drop a resource from one place to another without their knowledge. An example has been provided allowing sites to add links to "Favorites". However, resources need not be links and the destination could be different than "Favorites".
Issues 1-7 have been reported by Liu Die Yu and affect Internet Explorer with all patches. Several other issues have also been published. These however, affect Internet Explorer without all patches installed. Thus, they are not considered relevant as they to some extent are related to previously fixed vulnerabilities.
Solution: The vulnerabilities seem to have been fixed at some point by the latest Service Packs and patches.
Provided and/or discovered by: Discovered and published by Liu Die Yu.
Additional information by Thor Larholm.
Sample exploit by jelmer.
Original Advisory: http://safecenter.net/liudieyu/WsOpenFileJPU/WsOpenFileJPU-Content.HTM
Do you have additional information related to this advisory?
Please provide information about patches, mitigating factors, new versions, exploits, faulty patches, links, and other relevant data by posting comments to this Advisory. You can also send this
information to firstname.lastname@example.org
Subject: Microsoft Internet Explorer Multiple Vulnerabilities
No posts yet
You must be logged in to post a comment.
Secunia Customer Login
Not a customer already?
Learn more about how our market leading Vulnerability Management solutions can help you manage risk and ensure compliance.