Internet Explorer Local Resource Access and Cross-Zone Scripting Vulnerabilities
Secunia Advisory: SA11793
Release Date: 2004-06-08
Critical: Extremely critical
Impact: Security Bypass, System access
Where: From remote
Software: Microsoft Internet Explorer 6
Description:
Two vulnerabilities have been reported in Internet Explorer, which in combination with other known issues can be exploited by malicious people to compromise a user's system.
1) A variant of the "Location:" local resource access vulnerability can be exploited via a specially crafted URL in the "Location:" HTTP header to open local files.
Example:
"Location: URL:ms-its:C:\WINDOWS\Help\iexplore.chm::/iegetsrt.htm"
2) A cross-zone scripting error can be exploited to execute files in the "Local Machine" security zone.
Secunia has confirmed the vulnerabilities in a fully patched system with Internet Explorer 6.0. It has been reported that the preliminary SP2 prevents exploitation by denying access.
Successful exploitation requires that a user can be tricked into following a link or viewing a malicious HTML document.
NOTE: The vulnerabilities are actively being exploited in the wild to install adware on users' systems.
Solution:
Disable Active Scripting support for all but trusted web sites.
Provided and/or discovered by:
Originally discovered in the wild.
Detailed analysis of exploit by Jelmer.
Changelog:
2004-06-08: Updated information in advisory.
And the Full-Disclosure post is here:
http://archives.neohapsis.com/archives/ ... /0104.html
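
A detection check for issue 1 in the advisory, written as an added example (it is not from Secunia or from the original post): it scans captured HTTP response headers, for instance from a proxy, and flags any "Location:" header that redirects to a local resource. Only the "ms-its" scheme and the "URL:" prefix come from the advisory; the other schemes in the list, the function names and the sample responses are assumptions constructed here.

```python
import re

# "ms-its" is the scheme shown in the advisory; the rest are assumptions
# added here as other handlers that resolve to local content.
LOCAL_SCHEMES = {"ms-its", "its", "mk", "file", "res"}

_LOCATION = re.compile(r"^location[ \t]*:[ \t]*(.*)$", re.I | re.M)
_SCHEME = re.compile(r"^([a-z][a-z0-9+.\-]*):", re.I)
_DRIVE_OR_UNC = re.compile(r"^(?:[a-z]:[\\/]|\\\\)", re.I)


def classify_location(value):
    """Return a reason string if the redirect target is local, else None."""
    target = value.strip().strip('"')
    # The advisory's example wraps the target in a leading "URL:" prefix;
    # strip it (repeatedly) so the real scheme is the one inspected.
    while target[:4].lower() == "url:":
        target = target[4:].lstrip()
    # Check drive/UNC paths first: "C:\..." would otherwise parse as scheme "c".
    if _DRIVE_OR_UNC.match(target):
        return "bare local or UNC path"
    m = _SCHEME.match(target)
    if m and m.group(1).lower() in LOCAL_SCHEMES:
        return "local scheme " + m.group(1).lower()
    return None


def scan_responses(raw_responses):
    """Return (index, location, reason) for each suspicious Location header."""
    findings = []
    for i, raw in enumerate(raw_responses):
        head = raw.split("\r\n\r\n", 1)[0]  # headers only, never the body
        for m in _LOCATION.finditer(head):
            value = m.group(1).strip()
            reason = classify_location(value)
            if reason:
                findings.append((i, value, reason))
    return findings


# Constructed sample responses (not captured traffic).
SAMPLE = [
    "HTTP/1.1 302 Found\r\nLocation: http://example.com/next\r\n\r\n",
    "HTTP/1.1 302 Found\r\nlocation: URL:ms-its:C:\\WINDOWS\\Help\\iexplore.chm::/iegetsrt.htm\r\n\r\n",
    "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\nLocation: file:///c:/x in body\r\n",
]

if __name__ == "__main__":
    for idx, loc, why in scan_responses(SAMPLE):
        print(f"response {idx}: {why}: {loc}")
```

A legitimate web server has no reason to redirect a browser to a local path, so any hit is worth investigating.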