Multiple Vulnerabilities in Microsoft Internet Explorer - 11 Oct 2001
Multiple vulnerabilities exist in Microsoft Internet Explorer (IE).
October 10, 2001
ReportedOctober 10, 2001, by Microsoft.
VERSIONSAFFECTED
Microsoft Internet Explorer 6.0, 5.5, and 5.01
DESCRIPTION
Multiplevulnerabilities exist in Microsoft Internet Explorer (IE). The firstvulnerability results from IE's improper handling of dotless IP addresses. Forexample, if an attacker enters an address of http://3473223093instead of http://207.5.45.181 and formats therequest in a particular way, IE uses the intranet zone to open the site ratherthan the correct Internet zone. This vulnerability doesn't affect IE 6.0.
The second vulnerability involveshow IE handles URLs that specify third-party sites. By encoding an URL in aparticular way, an attacker can include and send HTTP requests to the site afterestablishing a connection and it will look like a qualified user sent therequests. If exploited against a Web-based service (such as a Web-based mailservice), the attacker can take action on the user’s behalf, including sendinga request to delete data.
The third vulnerability is a newvariant of a vulnerability that Microsoft originally reported in SecurityBulletin MS01-015.This vulnerability affects how an attacker can use IE to invoke Telnet sessions.By design, users can use IE to launch Telnet sessions, but doing so startsTelnet using any command-line options the Web site specifies. This functionalitybecomes a concern only when using the Telnet client version that installs aspart of Services for UNIX (SFU) 2.0 on Windows 2000 and Windows NT 4.0 machines.This version of the Telnet client provides an option for creating a verbatimtranscript of a Telnet session. An attacker can use the logging option to starta Telnet session, and stream an executable file onto the user’s system in alocation that automatically executes the file the next time the user boots themachine. The vulnerability doesn't lie in the Telnet client, but in IE, whichshouldn't let an attacker start Telnet remotely with command-line arguments.
VENDOR RESPONSE
The vendor, Microsoft,has released Security Bulletin MS01-051to address this vulnerability and recommends that affected users apply the patchprovided. Microsoft will provide an NT 4.0 Terminal Services patch at the samesecurity bulletin when it becomes available.
CREDIT
Discovered by MichielKikkert (dotless IP vulnerability) and JoaoGouviea (HTTP request encoding vulnerability).
Read more about:
MicrosoftAbout the Author
You May Also Like