Andr0m3da
Power Member
Madrid, May 16 2002 - Microsoft has released a patch (*) to correct six
vulnerabilities in Internet Explorer versions 5.01, 5.5 and 6.0. This
security update resolves some issues which could allow code to be run on
affected systems and it is therefore advisable to install it, where
necessary, as soon as possible.
The first vulnerability is a cross-site scripting issue, and lies in the
HTML pages that Internet Explorer installs by default and are run in the
local computer zone. An attacker could in effect, craft a web page, hosted
on a server or sent by e-mail, which, when the web page was viewed and the
user clicked on the URL link, would inject script which would run in the
Local Computer zone.
The second problem stems from the object that supports CSS files (Cascading
Style Sheets) and could allow a web page or HTML mail to be created which
could read a user's system files. In order to exploit this, the attacker
would need to know the exact location of the files and would not be able to
carry out any action other than reading them.
The third vulnerability could allow an attacker to construct a cookie that
could contain script for reading or modifying cookies from other sites. As
in the previous case, to exploit this vulnerability, the attacker would need
to know the exact name of the cookie stored on the user's system.
The fourth problem resolved by this Microsoft patch is related to the
Internet Explorer security zones, as it is possible to create a web page and
force it to be run in the "Intranet" zone, less commonly, the "Trusted
Sites" zone. As these areas have less security restrictions, it may be
possible to carry out potentially dangerous actions.
The last two vulnerabilities are variants of a previously resolved one, and
affect how IE handles downloads when a downloadable file's
Content-Disposition and Content-Type headers are intentionally malformed. As
opposed to the earlier vulnerability, these can only be exploited if the
system has certain applications installed.
Microsoft has also included an improvement to the Restricted Sites option
based on blocking the use of frames. In this way, by default, an HTML e-mail
is prevented from opening a new window automatically or launching the
download of an executable.
The patch is available from:
http://www.microsoft.com/windows/ie/downloads/critical/Q321232/default.asp
(*)Full details on the vulnerabilities and the Microsoft patch are available
from: http://www.microsoft.com/technet/security/bulletin/MS02-023.asp
vulnerabilities in Internet Explorer versions 5.01, 5.5 and 6.0. This
security update resolves some issues which could allow code to be run on
affected systems and it is therefore advisable to install it, where
necessary, as soon as possible.
The first vulnerability is a cross-site scripting issue, and lies in the
HTML pages that Internet Explorer installs by default and are run in the
local computer zone. An attacker could in effect, craft a web page, hosted
on a server or sent by e-mail, which, when the web page was viewed and the
user clicked on the URL link, would inject script which would run in the
Local Computer zone.
The second problem stems from the object that supports CSS files (Cascading
Style Sheets) and could allow a web page or HTML mail to be created which
could read a user's system files. In order to exploit this, the attacker
would need to know the exact location of the files and would not be able to
carry out any action other than reading them.
The third vulnerability could allow an attacker to construct a cookie that
could contain script for reading or modifying cookies from other sites. As
in the previous case, to exploit this vulnerability, the attacker would need
to know the exact name of the cookie stored on the user's system.
The fourth problem resolved by this Microsoft patch is related to the
Internet Explorer security zones, as it is possible to create a web page and
force it to be run in the "Intranet" zone, less commonly, the "Trusted
Sites" zone. As these areas have less security restrictions, it may be
possible to carry out potentially dangerous actions.
The last two vulnerabilities are variants of a previously resolved one, and
affect how IE handles downloads when a downloadable file's
Content-Disposition and Content-Type headers are intentionally malformed. As
opposed to the earlier vulnerability, these can only be exploited if the
system has certain applications installed.
Microsoft has also included an improvement to the Restricted Sites option
based on blocking the use of frames. In this way, by default, an HTML e-mail
is prevented from opening a new window automatically or launching the
download of an executable.
The patch is available from:
http://www.microsoft.com/windows/ie/downloads/critical/Q321232/default.asp
(*)Full details on the vulnerabilities and the Microsoft patch are available
from: http://www.microsoft.com/technet/security/bulletin/MS02-023.asp