
List:       bugtraq
Subject:    Re: IE 3.0?
From:       Dave Andersen <angio () aros ! net>
Date:       1996-08-23 12:41:27

Yes, there is.  Microsoft has already posted a patch for it, available
from http://www.microsoft.com/msdownload/iepatch.htm

      -Dave Andersen

Lo and behold, InterAccess Support Manager once said:
>
> Is there any weight in this slight security breach?
>
> http://www.cs.princeton.edu/sip/news/Aug96-2.html
>
> <snip>
>
> August 1996 Internet Explorer Security Flaw: Brief Description
>
> We have discovered a security flaw in version 3.0 of Microsoft's Internet
> Explorer browser running under Windows 95. An attacker could exploit
> the flaw to run any DOS command on the machine of an Explorer user who
> visits the attacker's page. For example, the attacker could read,
> modify, or delete the victim's files, or insert a virus or backdoor
> entrance into the victim's machine. We have verified our discovery by
> creating a Web page that deletes a file on the machine of any Explorer
> user who visits the page.
>
> The core of the attack is a technique for delivering a document to the
> victim's browser while bypassing the security checks that would normally
> be applied to the document. If the document is, for example, a Microsoft
> Word template, it could contain a macro that executes any DOS
> command. The attacker could arrange things so the macro was executed
> automatically as a consequence of the victim visiting the attacker's
> page.
>
> Normally, before Explorer downloads a dangerous file like a Word
> document, it displays a dialog box warning that the file might contain a
> virus or other dangerous content, and asking the user whether to abort the
> download or to proceed with the download anyway. This gives the user a
> chance to avoid the risk of a malicious document. However, our technique
> allows an attacker to deliver a document without triggering the
> dialog box.
>
> The attack does not require the user to approve any actions by answering
> questions, requesting a download, or opening a document or
> program. Merely visiting a Web page containing the attack is enough to
> expose you to it.
>
> Microsoft has been notified and they are working on fixing the problem.
> Until a remedy is widely available, we will not disclose further details
> about the flaw. Further details will appear on this page at a later date.
>
> We do not know whether Windows NT users of Internet Explorer 3.0 are
> affected, though we suspect that they may be.
>
> This flaw was found by Dirk Balfanz and Edward Felten. Contact Felten if
> you have questions.
>
>
>
>                         Princeton University
>                         Department of Computer Science
>                         Contact: sip@cs.princeton.edu
> <snip>
>


--
angio@aros.net                Complete virtual hosting and business-oriented
system administration         Internet services.  (WWW, FTP, email)
http://www.aros.net/          http://www.aros.net/about/virtual
  "There are only two industries that refer to their customers as 'users'."
