|
Internet Explorer Four Vulnerabilities
|
|
Secunia Advisory:
|
SA8649
|
|
|
Release Date:
|
2003-04-23
|
|
Popularity:
|
15,450 views
|
|
|
Critical:
|
Highly critical
|
|
Impact:
|
Exposure of system information
Exposure of sensitive information
System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6.x
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
| CVE reference: | CVE-2003-0113
CVE-2003-0114
CVE-2003-0115
CVE-2003-0116
|
|
Description:
Microsoft has issued a cumulative patch for Internet Explorer, which fixes the following four vulnerabilities:
1) A boundary error exists in "urlmon.dll" because certain parameters are checked incorrectly. A malicious person can exploit this to cause a buffer overflow on a user's system and execute arbitrary code with the privileges of the user by constructing a speciel web page and trick a user into visiting it.
2) An information disclosure vulnerability exists in the file upload control caused by a flaw in the way incoming requests for file uploads are handled. This allows input to be passed to the vulnerable control without user interaction. A malicious person can exploit this to retrieve arbitrary files from a user's system by constructing a malicious web page and luring the user into visiting it.
Successful exploitation requires that the requested file is not in use and that the malicious person knows the exact location of the file on the user's system.
3) An input validation error exists in a method for invoking third party plug-ins. The problem is that parameters of the URL used to reference a third party file type is not checked properly. A malicious person can exploit this to execute arbitrary script code on a user's system in the local computer zone by constructing a web page containing a specially crafted link to a third party file.
4) An information disclosure vulnerability exists in the way modal dialogs are rendered. Specifically, the vulnerability is caused by an input validation error because a parameter in the Cascading Style Sheet input parameter for modal dialogs is not checked properly. A malicious person can exploit this to read arbitrary files on a user's system by contructing a special web page and luring the user into visiting it.
Successful exploitation requires that the malicious person knows the exact location of the file on the user's system.
It is also possible to exploit the described vulnerabilities automatically in an email-borne attack when a user views a malicious email. However, this is not possible if the user is viewing the email in Outlook Express 6.0 or Outlook 2002 in their default configurations, or Outlook 98 or Outlook 2000 in conjunction with the Outlook Email Security Update.
NOTE: The released patch also sets the Kill Bit on the ActiveX control "plugin.ocx" and includes a fix for Internet Explorer 6.0 SP1, which corrects the way help information is displayed in the local computer zone.
Solution:
Apply patch manually or via Windows Update:
http://www.microsoft.com/windows/ie/downloads/critical/813489/default.asp
Provided and/or discovered by:
Microsoft credits the following:
Mark Litchfield, Andreas Sandblad and Jouko Pynnönen.
Original Advisory:
http://www.microsoft.com/technet/security/bulletin/MS03-015.asp
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
