|
Internet Explorer Four Vulnerabilities
|
|
|
|
|
Secunia Advisory:
|
SA8649
|
|
|
Release Date:
|
2003-04-23
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
Exposure of system information
Exposure of sensitive information
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6.x
|
| | CVE reference: | CVE-2003-0113 (Secunia mirror)
CVE-2003-0114 (Secunia mirror)
CVE-2003-0115 (Secunia mirror)
CVE-2003-0116 (Secunia mirror)
|
|
|
Want to know the next time vulnerabilities are fixed in this product?
- Companies can be alerted via email and SMS! |
|
|
Description:
Microsoft has issued a cumulative patch for Internet Explorer, which fixes the following four vulnerabilities:
1) A boundary error exists in "urlmon.dll" because certain parameters are checked incorrectly. A malicious person can exploit this to cause a buffer overflow on a user's system and execute arbitrary code with the privileges of the user by constructing a speciel web page and trick a user into visiting it.
2) An information disclosure vulnerability exists in the file upload control caused by a flaw in the way incoming requests for file uploads are handled. This allows input to be passed to the vulnerable control without user interaction. A malicious person can exploit this to retrieve arbitrary files from a user's system by constructing a malicious web page and luring the user into visiting it.
Successful exploitation requires that the requested file is not in use and that the malicious person knows the exact location of the file on the user's system.
3) An input validation error exists in a method for invoking third party plug-ins. The problem is that parameters of the URL used to reference a third party file type is not checked properly. A malicious person can exploit this to execute arbitrary script code on a user's system in the local computer zone by constructing a web page containing a specially crafted link to a third party file.
4) An information disclosure vulnerability exists in the way modal dialogs are rendered. Specifically, the vulnerability is caused by an input validation error because a parameter in the Cascading Style Sheet input parameter for modal dialogs is not checked properly. A malicious person can exploit this to read arbitrary files on a user's system by contructing a special web page and luring the user into visiting it.
Successful exploitation requires that the malicious person knows the exact location of the file on the user's system.
It is also possible to exploit the described vulnerabilities automatically in an email-borne attack when a user views a malicious email. However, this is not possible if the user is viewing the email in Outlook Express 6.0 or Outlook 2002 in their default configurations, or Outlook 98 or Outlook 2000 in conjunction with the Outlook Email Security Update.
NOTE: The released patch also sets the Kill Bit on the ActiveX control "plugin.ocx" and includes a fix for Internet Explorer 6.0 SP1, which corrects the way help information is displayed in the local computer zone.
Do you have this product installed on your home computer? Scan using the free Personal Software Inspector. Check if a vulnerable version is installed on computers in your corporate network, using the Network Software Inspector.
Solution:
Apply patch manually or via Windows Update:
http://www.microsoft.com/windows/ie/downloads/critical/813489/default.asp
Provided and/or discovered by:
Microsoft credits the following:
Mark Litchfield, Andreas Sandblad and Jouko Pynnönen.
Original Advisory:
http://www.microsoft.com/technet/security/bulletin/MS03-015.asp
|
|
|
|
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
|
135 Related Secunia Security Advisories, displaying 10
|
|
|
1. Internet Explorer MHTML Protocol Handler Cross-Domain Information Disclosure
|
|
2. Internet Explorer Multiple Vulnerabilities
|
|
3. Internet Explorer 6 Window "location" Handling Vulnerability
|
|
4. Internet Explorer "substringData()" Memory Corruption Vulnerability
|
|
5. Internet Explorer "Print Table of Links" Cross-Zone Scripting
|
|
6. Internet Explorer HTTP Request Smuggling/Splitting Vulnerabilities
|
|
7. Internet Explorer FTP Command Injection Vulnerability
|
|
8. Microsoft Internet Explorer Multiple Vulnerabilities
|
|
9. Internet Explorer Multiple Code Execution Vulnerabilities
|
|
10. Microsoft Web Proxy Auto-Discovery Feature Security Issue
|
Show all related advisories
|
|
|
Send Feedback to Secunia
|
|
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.
Ideas, suggestions, and other feedback are most welcome.
|
|
|
|
