[VULNERABLE] (US-CERT Issues Advisory) Microsoft Internet Explorer

12/06/2004 - 16:12 por Ille Corvus | Informe spam

(US-CERT Issues Advisory) Microsoft Internet Explorer Cross-Domain
Redirect Hole Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/aler...10479.html

Impact: Execution of arbitrary code via network, User access via
network

Exploit Included: Yes

Advisory: CERT (Computer Emergency Response Team)

Version(s): 6 and prior versions

Description: US-CERT issued an advisory for a vulnerability in
Microsoft Internet Explorer (IE) that is being actively exploited in
the wild. A remote user can execute arbitrary code on the target
system.

The exploit takes advantage of a vulnerability in IE in the processing
of HTTP redirections. A remote user can create specially crafted HTML
that, when loaded by the target user, will execute arbitrary code on
the target system in the security context of the Local Computer zone.
Fully patched systems are vulnerable.

A web server can return an HTTP 302 Redirect command to load a local
file in an iframe with the following type of Location header:

Location: URL:ms-its:C:\WINDOWS\Help\iexplore.chm::/iegetsrt.htm

Through a series of scripting steps, remotely supplied HTML can be
executed in the Local Computer zone.

The exploit was described by Rafel Ivgi
(http://archives.neohapsis.com/archi.../0031.html
and
http://archives.neohapsis.com/archi.../0104.html)
and further analyzed by Jelmer (http://62.131.86.111/analysis.htm).

The exploit also invokes a previously reported IE ADODB.Stream
vulnerability (that remains unpatched) to execute code on the target
system.

The US-CERT advisory is available at:
http://www.us-cert.gov/cas/techalerts/TA04-163A.h tml
Impact: A remote user can cause arbitrary code to be executed on the
target user's system.

Solution: No solution was available at the time of this entry.

Vendor URL: www.microsoft.com/technet/security/ (Links to External
Site)

Cause: Access control error

Underlying OS: Windows (Any)

Meritorios de Filtrado (Kill-File Global):
tella llop, jm (N.B. 2003.10.25)

"El software propietario sera solo para los que lo puedan pagar."
"El software libre es para toda la Humanidad."