[NT] Internet Explorer GetObject() Problems
From: support@securiteam.comDate: 01/04/02
- Previous message: support@securiteam.com: "[UNIX] Stunnel Format String Security Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: support@securiteam.com To: list@securiteam.com Date: Fri, 4 Jan 2002 00:18:37 +0100 (CET)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -
Internet Explorer GetObject() Problems
------------------------------------------------------------------------
SUMMARY
Internet Explorer is vulnerable to a security vulnerability that allows
reading of local files due to a bug in GetObject(). Reading local files
may also lead to executing of arbitrary programs.
DETAILS
Vulnerable systems:
Internet Explore 6.0
Internet Explore 5.5
GetObject() has a bad security record - see
<http://www.securiteam.com/cgi-bin/htsearch?config=htdigSecuriTeam&words=getobject> http://www.securiteam.com/cgi-bin/htsearch?config=htdigSecuriTeam&words=getobject for more information.
A new directory traversal security vulnerability allows attackers to gain
access to files that reside anywhere on the user's file system.
Workaround:
Disable Active Scripting.
Vendor status:
Microsoft was notified on 11 December 2001.
ADDITIONAL INFORMATION
The information has been provided by <mailto:guninski@guninski.com>
Georgi Guninski.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: support@securiteam.com: "[UNIX] Stunnel Format String Security Vulnerability"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
- Re: Updating Internet Options using a Script
... files run from the internet safer than local files on your ... You will get
the security error message. ... This should be the default settings with SP2. ...
These are local files that contain ... (microsoft.public.windows.inetexplorer.ie6.browser) - Re: Updating Internet Options using a Script
... > I don't want to run a script out of I/E that changes> the security settings.
... Local files whether they are> run from a browser or not should be considered safe.
... All> local files should be trusted according to the help file> for Internet Explorer.
... It's> actually a problem with SP2. ... (microsoft.public.windows.inetexplorer.ie6.browser) - Re: Updating Internet Options using a Script
... I don't want to run a script out of I/E that changes ... the security settings.
... It's not a matter of making our application more SP2 ... These are local
files that contain ... (microsoft.public.windows.inetexplorer.ie6.browser) - Re: uploading directories recursively
... Not using javascript from a remote web sites under the standard security ...
restrictions (the browser does not normally expose the local files ... or facilitate
the loading of files from the local computer into ... (comp.lang.javascript) - Re: Firefox question
... Derek Broughton wrote: ... web page to permit links to local files. ...
some circumstances where security is unlikely to be compromised. ... news is that it doesn't
seem to actually execute the file if it's a script. ... (Ubuntu)
