Bugtraq mailing list archives
Re: IE 3.0?
From: angio () aros net (Dave Andersen)
Date: Fri, 23 Aug 1996 12:41:27 -0600
Yes, there is. Microsoft has already posted a patch for it, available from http://www.microsoft.com/msdownload/iepatch.htm -Dave Andersen Lo and behold, InterAccess Support Manager once said:
Is there any weight in this slight security breach? http://www.cs.princeton.edu/sip/news/Aug96-2.html <snip> August 1996 Internet Explorer Security Flaw: Brief Description We have discovered a security flaw in version 3.0 of Microsoft's Internet Explorer browser running under Windows 95. An attacker could exploit the flaw to run any DOS command on the machine of an Explorer user who visits the attacker's page. For example, the attacker could read, modify, or delete the victim's files, or insert a virus or backdoor entrance into the victim's machine. We have verified our discovery by creating a Web page that deletes a file on the machine of any Explorer user who visits the page. The core of the attack is a technique for delivering a document to the victim's browser while bypassing the security checks that would normally be applied to the document. If the document is, for example, a Microsoft Word template, it could contain a macro that executes any DOS command. The attacker could arrange things so the macro was executed automatically as a consequence of the victim visiting the attacker's page. Normally, before Explorer downloads a dangerous file like a Word document, it displays a dialog box warning that the file might contain a virus or other dangerous content, and asking the user whether to abort the download or to proceed with the download anyway. This gives the user a chance to avoid the risk of a malicious document. However, our technique allows an attacker to deliver a document without triggering the dialog box. The attack does not require the user to approve any actions by answering questions, requesting a download, or opening a document or program. Merely visiting a Web page containing the attack is enough to expose you to it. Microsoft has been notified and they are working on fixing the problem. Until a remedy is widely available, we will not disclose further details about the flaw. Further details will appear on this page at a later date. We do not know whether Windows NT users of Internet Explorer 3.0 are affected, though we suspect that they may be. This flaw was found by Dirk Balfanz and Edward Felten. Contact Felten if you have questions. Princeton University Department of Computer Science Contact: sip () cs princeton edu <snip>
-- angio () aros net Complete virtual hosting and business-oriented system administration Internet services. (WWW, FTP, email) http://www.aros.net/ http://www.aros.net/about/virtual "There are only two industries that refer to their customers as 'users'."
Current thread:
- BUG in /bin/bash Seven Up (Aug 22)
- <Possible follow-ups>
- Re: BUG in /bin/bash Red Barchetta (Aug 22)
- Re: BUG in /bin/bash The Ghost who Admins (Aug 22)
- Re: BUG in /bin/bash Digital Dreamer (Aug 22)
- Re: BUG in /bin/bash Earle Ake (Aug 22)
- IE 3.0? InterAccess Support Manager (Aug 22)
- Re: IE 3.0? Dave Andersen (Aug 23)
- More on the UnixWare problem Todd Vierling (Aug 23)
- resolv+ and finger... C. Hodges (Aug 23)
- Vulnerability in the Xt library Aleph One (Aug 24)
- Re: Vulnerability in the Xt library Stefan `Sec` Zehl (Aug 25)
- Re: Vulnerability in the Xt library Mike Neuman (Aug 27)
- Re: Vulnerability in the Xt library Casper Dik (Aug 28)
- Re: Vulnerability in the Xt library Mike Neuman (Aug 28)
- RFD: libsuid VaX#n8 (Aug 24)
- More on UnixWare 2.x vulnerability Todd Vierling (Aug 24)
- Re: (WORKAROUND) More on UnixWare 2.x vulnerability Hannu Laurila (Aug 24)