Multiple Vulnerabilities in Microsoft Internet Explorer - 11 Oct 2001

Multiple vulnerabilities exist in Microsoft Internet Explorer (IE).

Ken Pfeil

October 10, 2001

3 Min Read
ITPro Today logo

ReportedOctober 10, 2001, by Microsoft.

VERSIONSAFFECTED

  • Microsoft Internet Explorer 6.0, 5.5, and 5.01

 

DESCRIPTION
Multiplevulnerabilities exist in Microsoft Internet Explorer (IE). The firstvulnerability results from IE's improper handling of dotless IP addresses. Forexample, if an attacker enters an address of http://3473223093instead of http://207.5.45.181 and formats therequest in a particular way, IE uses the intranet zone to open the site ratherthan the correct Internet zone. This vulnerability doesn't affect IE 6.0.

 

The second vulnerability involveshow IE handles URLs that specify third-party sites. By encoding an URL in aparticular way, an attacker can include and send HTTP requests to the site afterestablishing a connection and it will look like a qualified user sent therequests. If exploited against a Web-based service (such as a Web-based mailservice), the attacker can take action on the user’s behalf, including sendinga request to delete data.

 

The third vulnerability is a newvariant of a vulnerability that Microsoft originally reported in SecurityBulletin MS01-015.This vulnerability affects how an attacker can use IE to invoke Telnet sessions.By design, users can use IE to launch Telnet sessions, but doing so startsTelnet using any command-line options the Web site specifies. This functionalitybecomes a concern only when using the Telnet client version that installs aspart of Services for UNIX (SFU) 2.0 on Windows 2000 and Windows NT 4.0 machines.This version of the Telnet client provides an option for creating a verbatimtranscript of a Telnet session. An attacker can use the logging option to starta Telnet session, and stream an executable file onto the user’s system in alocation that automatically executes the file the next time the user boots themachine. The vulnerability doesn't lie in the Telnet client, but in IE, whichshouldn't let an attacker start Telnet remotely with command-line arguments.

 

VENDOR RESPONSE

The vendor, Microsoft,has released Security Bulletin MS01-051to address this vulnerability and recommends that affected users apply the patchprovided. Microsoft will provide an NT 4.0 Terminal Services patch at the samesecurity bulletin when it becomes available.

 

CREDIT
Discovered by MichielKikkert (dotless IP vulnerability) and JoaoGouviea (HTTP request encoding vulnerability).

Read more about:

Microsoft

About the Author(s)

Ken Pfeil

Ken Pfeil

See more from Ken Pfeil
Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
Newsletter Sign-Up

You May Also Like

Editor's Choice

cybersecurity operator or hacker works with data in dark room
IT Security
Master AI Cybersecurity: Protect and Enhance Your NetworkMaster AI Cybersecurity: Protect and Enhance Your Network
byBrien Posey
May 21, 2024
5 Min Read
business person stamping a document
IT Operations
How to Get Executive Buy-In for IT ProjectsHow to Get Executive Buy-In for IT Projects
byChristopher Tozzi
May 28, 2024
6 Min Read
yellow block stuck in between blue cog wheels
PowerShell
Using ChatGPT as a PowerShell Debugging ToolUsing ChatGPT as a PowerShell Debugging Tool
byBrien Posey
Jun 4, 2024
4 Min Read