Multiple Vulnerabilities in Microsoft Internet Explorer - 24 Aug 2002
Five new vulnerabilities exist in Microsoft’s Internet Explorer (IE), the most serious of which could allow a potential attacker to execute arbitrary code on the vulnerable system.
August 23, 2002
Reported August 22, 2002, by Microsoft.
VERSION AFFECTED
· Microsoft Internet Explorer 6.0
· Microsoft Internet Explorer 5.5
· Microsoft Internet Explorer 5.01
DESCRIPTION
Five new vulnerabilities exist in Microsoft’s Internet Explorer (IE), the most serious of which could allow a potential attacker to execute arbitrary code on the vulnerable system. These five newly discovered vulnerabilities are:
· A buffer overrun vulnerability affecting an ActiveX control used to display specially formatted text. The control contains a buffer overrun vulnerability that could enable a potential attacker to run code on the vulnerable system under the security context of the currently logged on user.
· A vulnerability involving how IE handles an HTML directive that displays XML data. This directive does not correctly check for the case where a referenced XML data source is in fact redirected to a data source in a different domain. This flaw could enable a potential attacker’s web page to open XML-based files residing on a remote system within a browser window that the site could read. This would enable the potential attacker to read contents from websites that users had access to but the attacker was not able to navigate to.
· A vulnerability involving how Internet Explorer represents the origin of a file in the “File Download” dialogue box. This flaw could enable a potential attacker to misrepresent the source of a file offered for download in an attempt to fool users into accepting a file download from an untrusted source, instead believing it to be coming from a trusted source.
· A Cross Domain verification vulnerability that occurs because of improper domain checking in conjunction with the Object tag. This vulnerability could enable a malicious web site operator to access data across different domains, such as one in a web site’s domain and the other on the vulnerable system’s local file system, and then pass information from the latter to the former. This could enable the potential attacker to read, but not change, any file on the vulnerable user’s local computer that could be viewed in a browser window.
· A newly reported variant of the "Cross-Site Scripting in Local HTML Resource" vulnerability originally discussed in Microsoft Security Bulletin MS02-023. This variant could enable a potential attacker to create a web page that when opened would run in the Local Computer zone security setting instead of the Internet Zone setting.
This is a cumulative patch that addresses all previous vulnerabilities as well as the buffer overrun vulnerability affecting the Gopher protocol handler reported in Microsoft Security Bulletin MS02-027.
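The XML data source item above describes a domain check that does not account for redirection. The following is an added example, not code from Microsoft or from the bulletin, that contrasts a check made only on the referenced URL with one made on every redirect hop; the function names, hosts and redirect chains are constructed for illustration.

```javascript
// Added illustration: all names, hosts and redirect chains here are constructed.

// Origin = scheme + host + port, as computed by the URL parser.
function originOf(url) {
  return new URL(url).origin;
}

// Build the full list of URLs visited: the requested URL followed by each
// redirect target. Relative Location values resolve against the previous hop.
function resolveChain(requested, locations) {
  const chain = [new URL(requested).href];
  for (const loc of locations) {
    chain.push(new URL(loc, chain[chain.length - 1]).href);
  }
  return chain;
}

// Flawed check: only the URL written in the page is compared with the page.
function naiveAllows(pageUrl, chain) {
  return originOf(chain[0]) === originOf(pageUrl);
}

// Corrected check: every hop, including the final one, must stay same-origin.
function strictAllows(pageUrl, chain) {
  return firstCrossOriginHop(pageUrl, chain) === null;
}

// Returns the first hop that leaves the page's origin, or null if none does.
function firstCrossOriginHop(pageUrl, chain) {
  const pageOrigin = originOf(pageUrl);
  const hop = chain.find((u) => originOf(u) !== pageOrigin);
  return hop === undefined ? null : hop;
}

// Constructed sample data.
const PAGE = "http://site-a.example/page.html";
const SAMPLES = {
  sameSite: resolveChain("http://site-a.example/data.xml", ["/moved/data.xml"]),
  crossDomain: resolveChain("http://site-a.example/data.xml",
    ["http://intranet.example/private.xml"]),
  otherPort: resolveChain("http://site-a.example/data.xml",
    ["http://site-a.example:8080/data.xml"]),
};

for (const [name, chain] of Object.entries(SAMPLES)) {
  console.log(name, "naive:", naiveAllows(PAGE, chain),
    "strict:", strictAllows(PAGE, chain));
}
```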
VENDOR RESPONSE
The vendor, Microsoft, has released Security Bulletin MS02-047 to address these vulnerabilities and recommends that affected users download and apply the appropriate patch mentioned in the security bulletin.
CREDIT
Discovered by GreyMagic Software, Mark Litchfield of Next Generation Security Software Ltd. and Jouko Pynnonen of Oy Online Solutions Ltd.