Bugtraq mailing list archives
Re: EEYE: Internet Explorer Object Data Remote Execution Vulnerability
From: Nerijus Krukauskas <nk99 () delfi lt>
Date: Fri, 22 Aug 2003 11:27:33 +0300
Marc Maiffret wrote:
Internet Explorer Object Data Remote Execution Vulnerability Release Date: August 20, 2003 Reported Date: May 15, 2003 Severity: High (Remote Code Execution) Systems Affected: Microsoft Internet Explorer 5.01 Microsoft Internet Explorer 5.5 Microsoft Internet Explorer 6.0 Microsoft Internet Explorer 6.0 for Windows Server 2003 Description: eEye Digital Security has discovered a security vulnerability in Microsoft's Internet Explorer that would allow executable code to run automatically upon rendering malicious HTML. This is a flaw in Microsoft's primary contribution to HTML, the Object tag, which is used to embed basically all ActiveX into HTML pages. The parameter that specifies the remote location of data for objects is not checked to validate the nature of the file being loaded, and therefore trojan executables may be run from within a webpage as silently and as easily as Internet Explorer parses image files or any other "safe" HTML content. This attack may be utilized wherever IE parses HTML, including web sites, e-mail, newsgroups, and within applications utilizing web-browsing functionality.
<snip>In case anyone needs a SNORT rule to catch attempts to exploit this vulnerability:
#-----alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Internet Explorer Object Data Remote Execution Vulnerability"; \
content:"F935DC22-1CF0-11D0-ADB9-00C04FD58A0B"; \ nocase; flow:from_server, established; \ reference:cve,CAN-2003-0532; \ classtype:web-application-activity; rev:1;) #----- Any improvements and suggestions to this rule are highly welcomed. -- NK @ Vilnius nk.tinkle.lt
Current thread:
- EEYE: Internet Explorer Object Data Remote Execution Vulnerability Marc Maiffret (Aug 21)
- Re: EEYE: Internet Explorer Object Data Remote Execution Vulnerability Nerijus Krukauskas (Aug 22)
- Re: EEYE: Internet Explorer Object Data Remote Execution Vulnerability Fabio Pietrosanti (naif) (Aug 26)
- RE: EEYE: Internet Explorer Object Data Remote Execution Vulnerability Drew Copley (Aug 28)
- Re: EEYE: Internet Explorer Object Data Remote Execution Vulnerability Fabio Pietrosanti (naif) (Aug 26)
- <Possible follow-ups>
- EEYE: Internet Explorer Object Data Remote Execution Vulnerability Marc Maiffret (Aug 21)
- Re: EEYE: Internet Explorer Object Data Remote Execution Vulnerability http-equiv () excite com (Aug 21)
- RE: EEYE: Internet Explorer Object Data Remote Execution Vulnerability Menashe Eliezer (Aug 22)
- RE: EEYE: Internet Explorer Object Data Remote Execution Vulnerability Drew Copley (Aug 28)
- Re: EEYE: Internet Explorer Object Data Remote Execution Vulnerability Nerijus Krukauskas (Aug 22)