Re: Minor IE vulnerability: about: URLs

From: Simon Kornblith (slists@simonster.com)
Date: 10/20/01


Date: Sat, 20 Oct 2001 09:34:25 -0400
Subject: Re: Minor IE vulnerability: about: URLs
From: Simon Kornblith <slists@simonster.com>
To: Pedro Miller Rabinovitch <pedro@ciphertech.com.br>, Clover Andrew <aclover@1value.com>, <bugtraq@securityfocus.com>
Message-ID: <B7F6F5A0.2FB%slists@simonster.com>

On 10/19/01 5:47 PM, "Pedro Miller Rabinovitch" <pedro@ciphertech.com.br>
wrote:

> At 17:13 +0200 19.10.01, Clover Andrew wrote:
>> Versions:
>>
>> Assume all versions of IE/Win are vulnerable. Status of IE under other
>> platforms is unknown. Versions tested:
>>
>> 4.72.3612.1713 (SP2; 3283)
>> 5.00.3315.1000 (SP2)
>> 5.50.4522.1800
>> 6.0.2600.0000
>
> I've confirmed the bug in the above.
>
> In Mac OS 9.1, IE5 and IE4.5 do not expose the hidden about:
> 'feature'. Thus, they don't seem to be vulnerable.
>
> As a U.S. Senator recently said (as quoted by Wired magazine) on the
> whole security problem: "Use a Mac." ;-)
> (please take this comment with a truckload of salt. I *am* j/k)

I can also confirm that IE 5.1 for Mac OS X isn't vulnerable. It just shows
the entire thing in the title of the about box, even if you type in
about:</title>. Not sure if this was the same outcome as IE5 and IE4.5; it
probably was.

>> A Microsoft chap pointed out that sites can already break out of the
>> Restricted Sites Zone, simply by pointing at another site that is
>> not in that Zone.

Simon


