[prev in list] [next in list] [prev in thread] [next in thread]
List: full-disclosure
Subject: [Full-Disclosure] New IE Thread crashes by WU
From: "Kaveh Mofidi" <Admin () SecureTarget ! Net>
Date: 2003-12-31 8:53:45
Message-ID: 003f01c3cf79$f1add680$0a0a0a0a () LocalHost
[Download RAW message or body]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Secure Target Network (Security Advisory December 31, 2003)
Topic: New IE Thread crashes by WU
Discovery Date: December 30, 2003
Link to Original Advisory: http://securetarget.net/advisory.htm
Affected applications and platforms:
Microsoft Internet Explorer 6 Service Pack 1
Introduction:
Any time you open your Windows Update (WU / wupdmgr.exe) and go to
"Scan for Updates"; it takes a couple of minutes (based on your
system and Net performances) for Microsoft scripting tasks to gather
information from your fixing/patching data on your machine.
A security bug exist because when you are in the period which WU
scanning your host, you cannot open any New IE windows from some
applications and opening this new window just takes time, as long as
WU ending its scanning, and it means hanging.
First, it is a security bug because it faces with availability of a
component on a windows box. Second, it happens when you open a new IE
window from these two situations below:
1. Opening a new IE window by clicking on a hyper link in OE.
2. Opening a new IE window by clicking on a hyper link in IE.
Remember that for facing with this issue, you shouldn't have an old
IE Thread opened from OE or IE before.
Exploit:
This bug may not provide an opportunity to threat a windows box
machine with attacks and exposures but it may cause DoS anyway.
Workaround:
The easiest way to work around this vulnerability is just let WU
finishing its scanning and then work with IE and OE as usual.
Tested on:
Internet Explorer 6 Service Pack 1 (6.0.2800.1106) and Outlook
Express 6.00.2800.1123 on Windows XP Service Pack 1
Feedback:
Kaveh Mofidi (Admin@SecureTarget.Net)
Secure Target Network (Security Consulting/Training Group)
HTTP://SECURETARGET.NET
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.2
iQA/AwUBP/KLYmO1siv41icpEQL+wgCfR6RTEDjlny+xZWtPWuqneFzKbOkAn3Ag
PcIUaNBYYXjm6itPd+4wBxD1
=yekc
-----END PGP SIGNATURE-----
[Attachment #3 (text/html)]
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2800.1276" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=#ffffff>
<DIV><FONT face=Arial size=2>
<DIV><FONT face=Arial size=2>-----BEGIN PGP SIGNED MESSAGE-----<BR>Hash:
SHA1</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial size=2>Secure Target Network (Security Advisory December
31, 2003) <BR>Topic: New IE Thread crashes by WU<BR>Discovery Date: December 30,
2003<BR>Link to Original Advisory: <A
href="http://securetarget.net/advisory.htm">http://securetarget.net/advisory.htm</A></FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial size=2>Affected applications and platforms: <BR>Microsoft
Internet Explorer 6 Service Pack 1</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial size=2>Introduction: <BR>Any time you open your Windows
Update (WU / wupdmgr.exe) and go to<BR>“Scan for Updates”; it takes a couple of
minutes (based on your<BR>system and Net performances) for Microsoft scripting
tasks to gather<BR>information from your fixing/patching data on your
machine.<BR>A security bug exist because when you are in the period which
WU<BR>scanning your host, you cannot open any New IE windows from
some<BR>applications and opening this new window just takes time, as long
as<BR>WU ending its scanning, and it means hanging.<BR>First, it is a security
bug because it faces with availability of a<BR>component on a windows box.
Second, it happens when you open a new IE<BR>window from these two situations
below:<BR>1. Opening a new IE window by clicking on a hyper link in OE.<BR>2.
Opening a new IE window by clicking on a hyper link in IE.<BR>Remember that for
facing with this issue, you shouldn’t have an old<BR>IE Thread opened from OE or
IE before.</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial size=2>Exploit: <BR>This bug may not provide an
opportunity to threat a windows box<BR>machine with attacks and exposures but it
may cause DoS anyway.</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial size=2>Workaround: <BR>The easiest way to work around this
vulnerability is just let WU<BR>finishing its scanning and then work with IE and
OE as usual.</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial size=2>Tested on: <BR>Internet Explorer 6 Service Pack 1
(6.0.2800.1106) and Outlook<BR>Express 6.00.2800.1123 on Windows XP Service Pack
1</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial size=2>Feedback: <BR>Kaveh Mofidi (<A
href="mailto:Admin@SecureTarget.Net">Admin@SecureTarget.Net</A>) <BR>Secure
Target Network (Security Consulting/Training Group) <BR><A
href="http://SECURETARGET.NET">HTTP://SECURETARGET.NET</A></FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial size=2>-----BEGIN PGP SIGNATURE-----<BR>Version: PGP
8.0.2</FONT></DIV>
<DIV> </DIV>
<DIV><FONT face=Arial
size=2>iQA/AwUBP/KLYmO1siv41icpEQL+wgCfR6RTEDjlny+xZWtPWuqneFzKbOkAn3Ag<BR>PcIUaNBYYXjm6itPd+4wBxD1<BR>=yekc<BR>-----END \
PGP SIGNATURE-----<BR></FONT></DIV></FONT></DIV></BODY></HTML>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic