'[Full-Disclosure] New IE Thread crashes by WU'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    [Full-Disclosure] New IE Thread crashes by WU
From:       "Kaveh Mofidi" <Admin () SecureTarget ! Net>
Date:       2003-12-31 8:53:45
Message-ID: 003f01c3cf79$f1add680$0a0a0a0a () LocalHost
[Download RAW message or body]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Secure Target Network (Security Advisory December 31, 2003) 
Topic: New IE Thread crashes by WU
Discovery Date: December 30, 2003
Link to Original Advisory: http://securetarget.net/advisory.htm

Affected applications and platforms: 
Microsoft Internet Explorer 6 Service Pack 1

Introduction: 
Any time you open your Windows Update (WU / wupdmgr.exe) and go to
"Scan for Updates"; it takes a couple of minutes (based on your
system and Net performances) for Microsoft scripting tasks to gather
information from your fixing/patching data on your machine.
A security bug exist because when you are in the period which WU
scanning your host, you cannot open any New IE windows from some
applications and opening this new window just takes time, as long as
WU ending its scanning, and it means hanging.
First, it is a security bug because it faces with availability of a
component on a windows box. Second, it happens when you open a new IE
window from these two situations below:
1. Opening a new IE window by clicking on a hyper link in OE.
2. Opening a new IE window by clicking on a hyper link in IE.
Remember that for facing with this issue, you shouldn't have an old
IE Thread opened from OE or IE before.

Exploit: 
This bug may not provide an opportunity to threat a windows box
machine with attacks and exposures but it may cause DoS anyway.

Workaround: 
The easiest way to work around this vulnerability is just let WU
finishing its scanning and then work with IE and OE as usual.

Tested on: 
Internet Explorer 6 Service Pack 1 (6.0.2800.1106) and Outlook
Express 6.00.2800.1123 on Windows XP Service Pack 1

Feedback: 
Kaveh Mofidi (Admin@SecureTarget.Net) 
Secure Target Network (Security Consulting/Training Group) 
HTTP://SECURETARGET.NET

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2

iQA/AwUBP/KLYmO1siv41icpEQL+wgCfR6RTEDjlny+xZWtPWuqneFzKbOkAn3Ag
PcIUaNBYYXjm6itPd+4wBxD1
=yekc
-----END PGP SIGNATURE-----

[Attachment #3 (text/html)]

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2800.1276" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2>
<DIV><FONT face=Arial size=2>-----BEGIN PGP SIGNED MESSAGE-----<BR>Hash: 
SHA1</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>Secure Target Network (Security Advisory December 
31, 2003) <BR>Topic: New IE Thread crashes by WU<BR>Discovery Date: December 30, 
2003<BR>Link to Original Advisory: <A 
href="http://securetarget.net/advisory.htm">http://securetarget.net/advisory.htm</A></FONT></DIV>
 <DIV>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>Affected applications and platforms: <BR>Microsoft 
Internet Explorer 6 Service Pack 1</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>Introduction: <BR>Any time you open your Windows 
Update (WU / wupdmgr.exe) and go to<BR>“Scan for Updates”; it takes a couple of 
minutes (based on your<BR>system and Net performances) for Microsoft scripting 
tasks to gather<BR>information from your fixing/patching data on your 
machine.<BR>A security bug exist because when you are in the period which 
WU<BR>scanning your host, you cannot open any New IE windows from 
some<BR>applications and opening this new window just takes time, as long 
as<BR>WU ending its scanning, and it means hanging.<BR>First, it is a security 
bug because it faces with availability of a<BR>component on a windows box. 
Second, it happens when you open a new IE<BR>window from these two situations 
below:<BR>1. Opening a new IE window by clicking on a hyper link in OE.<BR>2. 
Opening a new IE window by clicking on a hyper link in IE.<BR>Remember that for 
facing with this issue, you shouldn’t have an old<BR>IE Thread opened from OE or 
IE before.</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>Exploit: <BR>This bug may not provide an 
opportunity to threat a windows box<BR>machine with attacks and exposures but it 
may cause DoS anyway.</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>Workaround: <BR>The easiest way to work around this 
vulnerability is just let WU<BR>finishing its scanning and then work with IE and 
OE as usual.</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>Tested on: <BR>Internet Explorer 6 Service Pack 1 
(6.0.2800.1106) and Outlook<BR>Express 6.00.2800.1123 on Windows XP Service Pack 
1</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>Feedback: <BR>Kaveh Mofidi (<A 
href="mailto:Admin@SecureTarget.Net">Admin@SecureTarget.Net</A>) <BR>Secure 
Target Network (Security Consulting/Training Group) <BR><A 
href="http://SECURETARGET.NET">HTTP://SECURETARGET.NET</A></FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=Arial size=2>-----BEGIN PGP SIGNATURE-----<BR>Version: PGP 
8.0.2</FONT></DIV>
<DIV>&nbsp;</DIV>
<DIV><FONT face=Arial 
size=2>iQA/AwUBP/KLYmO1siv41icpEQL+wgCfR6RTEDjlny+xZWtPWuqneFzKbOkAn3Ag<BR>PcIUaNBYYXjm6itPd+4wBxD1<BR>=yekc<BR>-----END \
 PGP SIGNATURE-----<BR></FONT></DIV></FONT></DIV></BODY></HTML>


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic