Newsgrupos.com  

Newsgroup: es.comp.seguridad.misc
#1
13-07-2004, 21:20:33
Ille Corvus
[Vulnerable] Microsoft Internet Explorer Multiple

Microsoft Internet Explorer Multiple Vulnerabilities
http://secunia.com/advisories/12048/


Secunia Advisory: SA12048
Release Date: 2004-07-13

Critical: Extremely critical
Impact: Security Bypass, Spoofing, System access
Where: From remote

Software:
Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6


Description:
Paul has reported some vulnerabilities in Internet Explorer, allowing
malicious people to bypass security restrictions and potentially
compromise a vulnerable system.

1) It is possible to redirect a function to another function with the
same name, which allows a malicious website to access the function
without the normal security restrictions.

Successful exploitation allows execution of arbitrary script code in
the context of another website. This could potentially allow execution
of arbitrary code in other security zones too.

2) Malicious sites can trick users into performing actions like
drag'n'drop or click on a resource without their knowledge. An example
has been provided, which allows sites to add links to "Favorites".
However, resources need not be links and the destination could be
different than "Favorites".

This issue is a variant of an issue discovered by Liu Die Yu.
SA9711

http-equiv has posted a PoC (Proof of Concept), which combined with
the inherently insecure Windows "shell:" functionality, can be
exploited to compromise a vulnerable system.

3) It is possible to inject arbitrary script code into Channel links
in Favorites, which will be executed when the Channel is added. The
script code is executed in Local Security Zone context.

4) It is possible to place arbitrary content above any other window
and dialog box using the "Window.createPopup()" function. This can be
exploited to "alter" the appearance of dialog boxes and other windows.

Successful exploitation may potentially cause users to open harmful
files or do other harmful actions without knowing it.

An additional issue allowing malicious sites to inject script into the
Local Security Zone using anchor references has also been reported to
affect Internet Explorer 6 running on Windows XP SP2 (release
candidate / beta). This issue could not be confirmed on a fully
patched Windows XP SP1 system.

Issues 1-4 have been confirmed on a fully patched system with Internet
Explorer 6 and Microsoft Windows XP SP1.

Previous versions of Internet Explorer may also be affected.

Solution:
Disable Active Scripting.

Use another product.

Provided and/or discovered by:
1-3) Discovered by Paul (greyhats).
4) Originally discovered by Georgi Guninski.

Other References:
SA9711:
http://secunia.com/advisories/9711/


--
Deserving of filtering (global kill-file):
tella llop, jm (N.B. 2003.10.25)


«I prefer to annoy with the truth than to please with flattery (Lucio Anneo Seneca)»
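
The advisory's workaround, "Disable Active Scripting", corresponds to the per-zone URL action 1400 in the Internet Explorer security zone settings. The PowerShell audit below is an added example, not part of the original post or the Secunia advisory; it assumes the standard Internet Settings zone registry keys and reports each location separately, without resolving which one takes precedence when policies overlap.

```powershell
# Added example: audit the "Active scripting" URL action (1400) for every
# Internet Explorer security zone. Data values: 0 = enabled, 1 = prompt, 3 = disabled.
$ActiveScripting = '1400'

$zones = [ordered]@{
    '0' = 'My Computer'
    '1' = 'Local intranet'
    '2' = 'Trusted sites'
    '3' = 'Internet'
    '4' = 'Restricted sites'
}
$states = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }

# Locations where zone settings can be stored (machine/user policy, machine/user preference).
$roots = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
    'HKCU:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
)

$report = foreach ($root in $roots) {
    foreach ($zone in $zones.Keys) {
        $key  = Join-Path $root $zone
        $item = Get-ItemProperty -Path $key -Name $ActiveScripting -ErrorAction SilentlyContinue
        if ($null -eq $item) { continue }   # value not set at this location

        $value = [int]$item.$ActiveScripting
        [pscustomobject]@{
            Location      = $root
            Zone          = $zones[$zone]
            Value         = $value
            State         = $(if ($states.ContainsKey($value)) { $states[$value] } else { 'Unknown' })
            # True only when the advisory's workaround is in effect at this location.
            MeetsAdvisory = ($value -eq 3)
        }
    }
}

$report | Format-Table -AutoSize

# Zones where scripting is still enabled or prompting, i.e. workaround not applied.
$report | Where-Object { -not $_.MeetsAdvisory } |
    Select-Object Location, Zone, State
```

Setting the 1400 value to 3 under the relevant zone key (for example zone 3, Internet) applies the workaround for that zone; a machine or user policy, if present, will override a per-user preference.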