Re: Multiple local files detection issues with OWC in IE (GM#008-IE)

From: Russ (Russ.Cooper@RC.ON.CA)
Date: 04/09/02


Date:         Mon, 8 Apr 2002 21:42:03 -0400
From: Russ <Russ.Cooper@RC.ON.CA>
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM

There's no doubt that there has been a change in the approach of some
people who report vulnerabilities in IE. I don't speak specifically of
GreyMagic Software, but they can be cited for the same problem I would
say Georgi Guninski currently suffers from.

It's good to point out suggested workarounds. They are needed, and
important, if you are to take any action based on information provided
for which there is no specific fix. GreyMagic's 4 vulnerabilities
pointed out today all have the same workaround, namely, disable the
scripting of ActiveX objects (in addition to disabling Active
Scripting).

There's no doubt this works, and clearly it's a simple remedy. Guninski
recently stopped recommending this and started recommending switching to
another browser (which as most of us know, isn't a realistic
workaround).

GreyMagic's vulnerabilities are all covered under a new feature of IE
6.0, namely, the ability to create lists of Administrator approved
ActiveX controls. While this has no real value for the average person,
Administrators can take advantage of this setting to restrict which
controls can be scripted. If this setting is applied in all zones, it
actually can control many of the recent vulnerabilities announced.

With Firewalls and Routers we know that a default-deny rule is the only
way to go: explicitly allow those things you must. IE 6.0 offers
Administrators that opportunity.

I'm not saying it's the answer to everyone's questions, or the solution
to all of IE's woes, but if more Administrators would use it they'd have
far fewer surprises coming their way from GreyMagic...;-]

Cheers,
Russ - NTBugtraq Editor
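A read-only PowerShell audit of the per-zone ActiveX settings discussed above, added here as an example and not part of Russ's message. The zone numbers (0-4), the URL action identifiers 1200 and 1405 and the policy values (0 Enable, 1 Prompt, 3 Disable, 0x10000 Administrator approved) are Microsoft's documented Internet Settings values; the function name is my own.

```powershell
# Added example (not from the original post): report, per IE security zone,
# how "Run ActiveX controls and plug-ins" (1200) and "Script ActiveX controls
# marked safe for scripting" (1405) are set. 0x10000 is the "Administrator
# approved" policy the post recommends; 3 (Disable) is the blunter workaround.
# Read-only: nothing is changed.
$ZoneNames = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites';
                3 = 'Internet';    4 = 'Restricted sites' }
$Actions   = @{ '1200' = 'Run ActiveX controls and plug-ins'
                '1405' = 'Script ActiveX controls marked safe' }
$Policy    = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable'; 65536 = 'Administrator approved' }

function Get-ZoneActiveXPolicy {
    # One row per zone/action. DefaultDeny is $true only when the zone either
    # blocks the action outright or restricts it to the approved-controls list.
    param([string]$Hive = 'HKCU')   # use HKLM on machines with machine-wide zone settings
    $base = "${Hive}:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones"
    foreach ($zone in 0..4) {
        $key = Join-Path $base $zone
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($action in $Actions.Keys) {
            $raw = $props.$action
            if ($null -eq $raw) { $label = '(not set, inherits default)' }
            elseif ($Policy.ContainsKey([int]$raw)) { $label = $Policy[[int]$raw] }
            else { $label = ('unknown 0x{0:X}' -f [int]$raw) }
            [pscustomobject]@{
                Zone        = $ZoneNames[$zone]
                Action      = $Actions[$action]
                Setting     = $label
                DefaultDeny = ($raw -eq 3 -or $raw -eq 65536)
            }
        }
    }
}

# Any row where DefaultDeny is False in the Internet or Restricted zone is the
# exposure the post describes: every "safe for scripting" control is reachable.
Get-ZoneActiveXPolicy | Sort-Object Zone, Action | Format-Table -AutoSize
```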
