[INFO] - New Attack Compromises Fully-Patched IE Browsers

10/06/2004 - 17:15 by Alcor
From: "Ille Corvus" <illecorvus@spamgourmet.com>
Subject: [Security] Microsoft Internet Explorer
Date: Thursday, 10 June 2004 13:58

Internet Explorer carved up by zero-day hole
http://www.computerworld.com.au/index.php?id7316298&eid=-255


Two new vulnerabilities have been discovered in Internet Explorer
which allow a complete bypass of security and provide system access to
a computer, including the installation of files on someone's hard disk
without their knowledge, through a single click.

Worse, the holes have been discovered from analysis of an existing
link on the Internet and a fully functional demonstration of the
exploit has been produced and shown to affect even fully patched
versions of Explorer.

It has been rated "extremely critical" by security company Secunia,
and the only advice is to disable Active Scripting support for all but
trusted websites.

The discovery stems from Dutch researcher Jelmer who was sent an
Internet link which he was warned used unknown Explorer
vulnerabilities to install adware on his computer. He found it did and
embarked on a detailed analysis of the link, which demonstrates an
extremely sophisticated use of encrypted code to bypass the Web
browser's security.

In simple terms, the link uses an unknown vulnerability to open up a
local Explorer help file --
ms-its:C:\WINDOWS\Help\iexplore.chm::/iegetsrt.htm. It delays
executing anything immediately but instead uses another unknown
vulnerability to run another file which in turn runs some script. This
script is then used to run more script. And finally that script is
used to run an exploit that Microsoft Corp. has been aware of since
August 2003 but hasn't patched.

That exploit -- Adodb.stream -- has not been viewed as particularly
dangerous, since it only works when the file containing the code is
present on the user's hard disk. The problem comes in the fact that
the Help file initially opened is assumed to be safe since it is a
local file and so has minimal security restrictions.

By using the unknown exploits, code is installed within the help file
window, all security efforts are bypassed, and the Adodb.stream
exploit is then used to download files on the Internet direct to the
hard disk.

What this means in reality is that if you click on a malicious link in
an email or on the Internet, a malicious user can very quickly have
complete control of your PC. And there is no patch available. You can
see it happen by clicking here.

With the code already available on the Net, this is effectively a
security nightmare ... unless you're a Mozilla or Opera user that is.


Further information:
From: "kayodeok" <news4kayode@btopenworld.com>
Newsgroups: grc.security
Sent: Thursday, 10 June 2004 16:21
Subject: New Attack Compromises Fully-Patched IE Browsers


New Attack Compromises Fully-Patched IE Browsers
http://news.netcraft.com/archives/2...s_fullypatched_ie_browsers.html
http://news.zdnet.co.uk/software/wi...297,00.htm
http://www.theregister.co.uk/2004/0...d_ie_flaw/

A new security hole in Internet Explorer allows
hackers to gain control of a user's computer when they
click on a hyperlink, even while using a fully-patched
version of IE6. An exploit using the technique, which employs
a complex series of Javascript, VBScript and PHP code, has been
published on the Web and is being discussed in several security
mailing lists.

The attack splices together multiple weaknesses in Internet Explorer,
including at least one known but unpatched flaw and several new ones.
The scripting cocktail tricks the browser into running code from a remote
web server as though it were a local help file, and can then install a
trojan of the attacker's choice on the compromised system.

The exploit is launched when a user clicks on a malicious link in an e-mail
or web page. Internet Explorer launches a pop-up window with an "iframe" tag,
which is commonly used to display text or interactive features in a floating
window. The code tricks the browser into thinking the iframe contains a help
file from the user's hard drive, while downloading a javascript that can then
run with local privileges. The javascript then launches a remote php file,
which in turn downloads a trojan to the user's hard drive. A complete analysis
of the exploit and how it works can be found here.

Some security professionals called the new hack an example of a "zero-day
exploit," in which a working attack is published at the same time a
vulnerability is discovered. The existence of a published exploit puts
pressure on Microsoft to quickly come up with a patch for all IE users.
Early reports suggest the key security holes may be patched in Windows XP
Service Pack 2, which is now in beta.

Kayode Okeyode
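
A defender-side check for the two indicators the articles above name, a local help file opened through `ms-its:` and a reference to `Adodb.stream`, as an added example that is not part of the original posts or of the analysis they cite. The function names, verdict labels and sample bodies are constructed for illustration, and `its:` and `mk:@MSITStore:` are included as further InfoTech Storage handlers beyond the `ms-its:` quoted on the page.

```python
import re
from html import unescape
from urllib.parse import unquote

# Indicator 1: an InfoTech Storage URL pointing at a CHM file on a local drive,
# e.g. the ms-its:C:\WINDOWS\Help\iexplore.chm reference quoted in the article.
LOCAL_HELP = re.compile(
    r"\b(?:ms-its|its|mk:@msitstore):\s*[a-z]:[\\/][^\"'<>\s]*\.chm", re.I)
# Indicator 2: any mention of the ADODB.Stream object named in the article.
ADODB_STREAM = re.compile(r"adodb\.stream", re.I)

VERDICTS = {0: "clean", 1: "suspicious", 2: "chain"}

def normalize(body: str) -> str:
    """Undo percent-encoding and HTML entities; two passes catch double encoding."""
    for _ in range(2):
        body = unescape(unquote(body))
    return body

def classify(body: str):
    """Return (verdict, indicators) for one HTTP response body."""
    text = normalize(body)
    hits = []
    if LOCAL_HELP.search(text):
        hits.append("local-help-file")
    if ADODB_STREAM.search(text):
        hits.append("adodb-stream")
    return VERDICTS[len(hits)], hits

# Constructed response bodies (inert markers only, not working exploit code).
SAMPLES = {
    "help_only": r'<iframe src="ms-its:C:\WINDOWS\Help\iexplore.chm::/iegetsrt.htm"></iframe>',
    "encoded_chain": '<iframe src="ms-its%3AC%3A%5CWINDOWS%5CHelp%5Ciexplore.chm"></iframe>'
                     '<script>var progid = "Adodb.Stream";</script>',
    "benign": '<a href="https://example.com/docs/manual.chm">Download the manual</a>',
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, classify(body))
```

A static scan like this only sees markers present in the delivered markup; script that is decoded at run time, as the first article describes, needs inspection after decoding.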
 


#1 Jo
10/06/2004 - 22:18
...From: "Ille Corvus"



Personality problems??


Regards

*Accents have been intentionally omitted*
*to make it easier to read with all NEWS clients*
