New IE Vulnerabilities...

From: Serge Vondandamo (svondandamo_at_MERCURY-EUR.COM)
Date: 09/12/03

  • Next message: Roberto: "vBulletin Multiple Cross Site Scripting Vulnerabilities"
    Date:         Fri, 12 Sep 2003 22:05:58 +0200
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    FYI.

    This report was published on Dshield mailing list.
    Here is the link to Microsoft Security bulletin talking about it:
    http://www.microsoft.com/security/security_bulletins/ms03-032.asp

    Cheers
    Serge

    Hill, Keith wrote:

    New "highly critical" vulnerabilities report for IE (are you surprised?).
    Unfortunately there are no patches as of yet so just disable active
    scripting, ActiveX and plug-ins for yourself and all of the computers you
    support.

    What, you don't like that answer?

    http://www.secunia.com/advisories/9711/

    ++++++++++++++++++++++++++++
    Text of advisory
    ++++++++++++++++++++++++++++
    Multiple vulnerabilities have been identified in Microsoft Internet
    Explorer. Some could expose sensitive information, others may lead to
    execution of arbitrary code.

    1) File-protocol proxy / WsOpenFileJPU
    A malicious site may retrieve cookie information from other sites by opening
    them in the "_search" window. This information may then be retrieved using
    the file protocol. It is believed that this could also be exploited to
    execute arbitrary code in the context of the other domain including the
    local security zone.

    2) NavigateAndFind protocol history / NAFjpuInHistory
    It is possible to retrieve information and execute JavaScript in the
    context of other sites using the "history.back" function. This may also
    affect the local security zone.

    3) window.open search injection / WsFakeSrc
    It is possible to open different sites using "window.open" and access
    information and execute JavaScript in this window at any given time. This
    may also affect the local security zone.

    4) NavigateAndFind file proxy / NAFfileJPU
    A combination of the file protocol and the NavigateAndFind function allows
    malicious sites to access information and execute code in a different
    window and domain. This may also affect the local security zone.

    5) Timed history injection / BackMyParent2
    It is possible to access information from a site loaded in a different
    frame and domain using the "history.back" function.

    6) history.back method caching / RefBack
    This is a variant of 5) BackMyParent also allowing a site to access
    information from a different frame and domain.

    7) Click hijacking / HijackClick
    This allows malicious sites to trick users into performing actions like
    drag'n'drop a resource from one place to another without their knowledge. An
    example has been provided allowing sites to add links to "Favorites".
    However, resources need not be links and the destination could be different
    than "Favorites".

    Issues 1-7 have been reported by Liu Die Yu and affect Internet Explorer
    with all patches. Several other issues have also been published. These,
    however, affect Internet Explorer without all patches installed. Thus they
    are not considered relevant as they to some extent are related to previously
    fixed vulnerabilities.

    Solution:
    There is no patch for these issues. The only efficient solution is to
    disable Active Scripting.

    Secunia recommends that you disable Active Scripting, ActiveX and plug-ins
    for all sites. You may then allow execution of this for certain trusted
    sites on a case by case basis.

    Reported by / credits:
    Discovered and published by Liu Die Yu
    Additional information from Thor Larholm
    +++++++++++++++++++++++++++++++++++++++++

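Added example, not part of the original post or the Secunia advisory: a Python audit of a `reg export` of the Internet Settings zone keys that checks whether the workaround quoted above (Active Scripting and ActiveX/plug-ins disabled, with Trusted sites as the case-by-case exception) is actually in place. The value names 1400 and 1200 and the data values 0/1/3 are the standard IE zone settings, assumed here because the post does not list them; the sample export is constructed.

```python
import re

# Added example, not from the post. Value names and data are the standard IE
# URL-action zone settings (assumed here; the advisory does not list them).
ACTIONS = {"1400": "Active Scripting", "1200": "Run ActiveX controls and plug-ins"}
ZONES = {"0": "My Computer", "1": "Local intranet", "2": "Trusted sites",
         "3": "Internet", "4": "Restricted sites"}
STATES = {0: "enabled", 1: "prompt", 3: "disabled"}

# Constructed sample in `reg export` layout; real exports are UTF-16 files.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2]
"1200"=dword:00000000
"1400"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3]
"1200"=dword:00000003
"1400"=dword:00000000

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4]
"1200"=dword:00000003
'''

KEY_RE = re.compile(r"^\[.*\\Internet Settings\\Zones\\(\d+)\]$", re.I)
VAL_RE = re.compile(r'^"([0-9A-Fa-f]{4})"=dword:([0-9A-Fa-f]{8})$')

def parse_zones(text):
    """Return {zone_number: {action_id: value}} from .reg export text."""
    zones, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            m = KEY_RE.match(line)
            current = zones.setdefault(m.group(1), {}) if m else None
        elif current is not None and (m := VAL_RE.match(line)):
            current[m.group(1).upper()] = int(m.group(2), 16)
    return zones

def audit(text, exempt=("2",)):
    """List (zone, action, state) for every action that is not disabled.
    Zones in `exempt` are skipped; an absent value is reported as unset."""
    findings = []
    for zone, values in sorted(parse_zones(text).items()):
        if zone in exempt:
            continue
        for action, label in ACTIONS.items():
            value = values.get(action)
            state = "unset" if value is None else STATES.get(value, hex(value))
            if state != "disabled":
                findings.append((ZONES.get(zone, zone), label, state))
    return findings
```

An absent value is reported rather than treated as safe, because the zone then falls back to its default or to policy set elsewhere.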
    
