Alert: Microsoft Security Bulletin - MS02-015
From: Russ (Russ.Cooper@RC.ON.CA)Date: 03/29/02
- Previous message: Scalise, Marzio: "Authentication with RSA SecurID and Outlook web access"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 28 Mar 2002 18:30:23 -0500 From: Russ <Russ.Cooper@RC.ON.CA> To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
http://www.microsoft.com/technet/security/bulletin/MS02-015.asp
28 March 2002 Cumulative Patch for Internet Explorer
Originally posted: March 28, 2002
Summary
Who should read this bulletin: Customers using Microsoft® Internet Explorer
Impact of vulnerability: Two vulnerabilities, the most serious of which would allow script to run in the Local Computer Zone.
Maximum Severity Rating: Critical
Recommendation: Consumers using the affected version of IE should install the patch immediately.
Affected Software:
- Microsoft Internet Explorer 5.01
- Microsoft Internet Explorer 5.5
- Microsoft Internet Explorer 6.0
Technical description:
This is a cumulative patch that includes the functionality of all previously released patches for IE 5.01, 5.5 and IE 6. In addition, it eliminates the following two newly discovered vulnerabilities:
- A vulnerability in the zone determination function that could allow a script embedded in a cookie to be run in the Local Computer zone. While HTML scripts can be stored in cookies, they should be handled in the same zone as the hosting site associated with them, in most cases the Internet zone. An attacker could place script in a cookie that would be saved to the user's hard disk. When the cookie was opened by the site the script would then run in the Local Computer zone, allowing it to run with fewer restrictions than it would otherwise have.
- A vulnerability in the handling of object tags that could allow an attacker to invoke an executable already present on the user's machine. A malicious user could create HTML web page that includes this object tag and cause a local program to run on the victim's machine.
Mitigating factors:
Cookie-based Script Execution:
- The script would run with the same rights as the user. The specific privileges the attacker could gain through this vulnerability would therefore depend on the privileges accorded to the user. Any limitations on a user's account, such as those applied through Group Policies, would also limit the actions of any script executed by this vulnerability.Local Executable Invocation via Object tag:
- The vulnerability would not enable the attacker to pass any parameters to the program. Microsoft is not aware of any programs installed by default in any version of Windows that, when called with no parameters, could be used to compromise the system.
- An attacker could only execute a file on the victim's local machine. The vulnerability could not be used to execute a program on a remote share or web site.
- The vulnerability would not provide any way for an attacker to put a program of his choice onto another user's system.
- An attacker would need to know the name and location of any executable on the system to successfully invoke it.
- Outlook 98 and 2000 (after installing the Outlook Email Security Update), Outlook 2002, and Outlook Express 6 all open HTML mail in the Restricted Sites Zone. As a result, customers using these products would not be at risk from email-borne attacks.
Vulnerability identifier:
- Cookie-based Script Execution: CAN-2002-0078
- Local Executable Invocation via Object tag: CAN-2002-0077
This email is sent to NTBugtraq automatically as a service to my subscribers. Since its programmatically created, and since its been a long time since anyone paid actual money for my programming skills, it may or may not look that good...;-]
I can only hope that the information it does contain can be read well enough to serve its purpose.
Cheers,
Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor
- Previous message: Scalise, Marzio: "Authentication with RSA SecurID and Outlook web access"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
