[nycphp-talk] Fw: TA04-033A: Multiple Vulnerabilities in Microsoft Internet Explorer
jon baer
jonbaer at jonbaer.net
Wed Feb 4 03:36:17 EST 2004
thought this might be of interest to the list (sorry to anyone whose
bandwidth gets eaten up) ... then again im sure we all use linux and have
nothing to fear to begin with :-)
the interesting part of course is that MS will discontinue their non
standard(?) use of the url form:
http://user:pass@site.com:port/foo/bar.html
making anything using parse_url($url) possibly break, but then again if ur
using this scheme to begin with you should be spanked :-) ...
- jon
----- Original Message -----
From: "CERT Advisory" <cert-advisory at cert.org>
To: <cert-advisory at cert.org>
Sent: Monday, February 02, 2004 8:58 PM
Subject: TA04-033A: Multiple Vulnerabilities in Microsoft Internet Explorer
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Multiple Vulnerabilities in Microsoft Internet Explorer
>
> Original issue date: February 02, 2004
> Last revised: --
> Source: US-CERT
>
> Systems Affected
>
> Microsoft Windows systems running
>
> * Internet Explorer 5.01
> * Internet Explorer 5.50
> * Internet Explorer 6
>
> Previous, unsupported, versions of Internet Explorer may also be
> affected.
>
> Overview
>
> Microsoft Internet Explorer (IE) contains multiple vulnerabilities,
> the most serious of which could allow a remote attacker to execute
> arbitrary code with the privileges of the user running IE.
>
> Description
>
> Microsoft Security Bulletin MS04-004 describes three vulnerabilities
> in Internet Explorer. These vulnerabilities are listed below. More
> detailed information is available in the individual vulnerability
> notes. Note that in addition to IE, any applications that use the IE
> HTML rendering engine to interpret HTML documents may present
> additional attack vectors for these vulnerabilities.
>
> VU#784102 - Microsoft Internet Explorer Travel Log Cross Domain
> Vulnerability
>
> A cross-domain scripting vulnerability exists in the Travel Log
> functionality of Internet Explorer. This vulnerability could allow a
> remote attacker to execute arbitrary script in a different domain,
> including the Local Machine Zone.
> (Other resources: CAN-2003-01026)
>
> VU#413886 - Microsoft Internet Explorer Drag-and-Drop Operation
> Vulnerability
>
> Internet Explorer allows remote attackers to direct drag and drop
> behaviors and other mouse click actions by using method caching
> (SaveRef) to access the window.moveBy method.
> (Other resources: CAN-2003-01027)
>
> VU#652278 - Microsoft Internet Explorer does not properly display URLs
>
> Microsoft Internet Explorer does not properly display the location of
> HTML documents. An attacker could exploit this behavior to mislead
> users into revealing sensitive information.
> (Other resources: CAN-2003-01025)
>
> Impact
>
> These vulnerabilities have different impacts, ranging from disguising
> the true location of a URL to executing arbitrary commands or code.
> Please see the individual vulnerability notes for specific
> information. The most serious of these vulnerabilities (VU#784102)
> could allow a remote attacker to execute arbitrary code with the
> privileges of the user running IE. The attacker could exploit this
> vulnerability by convincing the user to access a specially crafted
> HTML document, such as a web page or HTML email message. No user
> intervention is required beyond viewing the attacker's HTML document
> with IE.
>
> Solutions
>
> Apply a patch
>
> Apply the appropriate patch as specified by Microsoft Security
> Bulletin MS04-004.
>
> * Microsoft Security Bulletin MS04-004 -
> <http://microsoft.com/technet/security/bulletin/MS04-004.asp>
>
> Note: The fix included in MS04-004 for VU#652278 may cause sites that
> use URLs of the form "username:password at www.example.com" to break.
> This change, along with workarounds for users and administrators of
> such sites, is covered in Microsoft KB Article 834489.
>
> Vendor Information
>
> This section contains information provided by vendors. When vendors
> report new information, this section is updated and the changes are
> noted in the revision history. If a vendor is not listed below, we
> have not received their comments.
>
> Microsoft
>
> Please see Microsoft Security Bulletin MS04-004.
> _________________________________________________________________
>
> References
>
> * CERT/CC Vulnerability Note VU#784102 -
> <http://www.kb.cert.org/vuls/id/784102>
>
> * CERT/CC Vulnerability Note VU#413886 -
> <http://www.kb.cert.org/vuls/id/413886>
>
> * CERT/CC Vulnerability Note VU#652278 -
> <http://www.kb.cert.org/vuls/id/652278>
>
> * Microsoft Security Bulletin MS04-004 -
> <http://microsoft.com/technet/security/bulletin/MS04-004.asp>
>
> * Microsoft KB Article 834489 -
> <http://support.microsoft.com/?id=834489>
>
> * CVE CAN-2003-01025 -
> <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-01025>
>
> * CVE CAN-2003-01026 -
> <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-01026>
>
> * CVE CAN-2003-01027 -
> <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-01027>
> _________________________________________________________________
>
> Feedback can be directed to the authors, Allen Householder and Art
> Manion.
> _________________________________________________________________
>
> Copyright 2004 Carnegie Mellon University.
>
> Revision History
>
> February 02, 2004: Initial release
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.2.1 (GNU/Linux)
>
> iD8DBQFAHvI/XlvNRxAkFWARAvpgAJsFng4fQDA1iOursbppOf8JoX2HXQCgt+B8
> iK8Z8VaOs6MZsMuUGccHFko=
> =bHZu
> -----END PGP SIGNATURE-----
>
More information about the talk
mailing list