RSSCritical Flaw Affects Internet Explorer
By Ed Oswald | Published April 26, 2006, 1:40 PM
A new vulnerability has been discovered within Internet Explorer's handling of the OBJECT tag that could cause the browser to crash. At first glance, the bug appears to be not much more than a nuisance, although an attack vector could not be ruled out by security experts.
Existence of the flaw has been confirmed on a fully patched version of Internet Explorer 6 running on Windows XP Service Pack 2, according to an advisory on the issue.
"At first sight, this vulnerability may offer a remote compromise vector, although not necessarily a reliable one," security researcher Michael Zalewski posted to the Full-disclosure mailing list on Sunday. "As such, panic, but only slightly."
Security firm Secunia has issued a slightly more dire warning regarding the flaw. Calling it a "highly critical" vulnerability, the firm said that successful exploitation would allow for the execution of arbitrary code. The firm recommends that users do not visit untrusted Web sites until a fix is provided.
Other security firms said that at the current time, no known malicious sites are attempting to take advantage of the vulnerability, but scans are ongoing. Additionally, no known exploit code is available to the public.
Microsoft has confirmed the issue, saying its initial tests showed that only a crash vulnerability existed due to the issue. An investigation is ongoing, but no possible remedies have been announced.
Disclosure of the flaw comes just two weeks after April's Patch Tuesday, where some ten vulnerabilities were patched as part of the monthly security update.
http://www.securident.com/vuln/ff.txt
Software:
Firefox Web Browser
Tested:
Linux, Windows clients' version 1.5.0.2
Result:
Firefox Remote Code Execution and Denial of Service - Vendor contacted, no patch yet.
Problem:
A handling issue exists in how Firefox handles certain Javascript in js320.dll and xpcom_core.dll
regarding iframe.contentWindow.focus(). By manipulating this feature a buffer overflow will occur.
Proof of Concept:
http://www.securident.com/vuln/ff.txt
Score: 0
|IE code execution is not confirmed and not proved.
Score: 0
|I wonder how much of the original IE code still existss and how much has been re-written\patched.
Score: 0
|get the source codes and use the "diff" command ;)
Score: 0
|IE is for people not in the know, they are what everyone else earns cash from. People who use this forum are in the know and probebly use another browser and we all swear by it like we programed it ourself or we run IE with features dissabled by default if we are so inclined. You pick your poisen and click the icon.
Score: 0
|Sounds like you could replace 'IE' with 'MSN' in your post and still be on the money.
Score: 0
|You could replace IE with the Windows OS and still be on the money as well.
Score: 0
|In computer terms, IE6 is as old as my dead dad, and we're surprised at this? Get IE7 beta 2, it's great.
Score: 0
|Sometimes I just feel like loading up Windows 98SE and browsing the internet. All the fun things that could happen...
....yah. I'm board. :)
Score: 0
|board?
Which, certainly not mahogany? I bet you're pine.
Score: 0
|"Sometimes I just feel like loading up Windows 98SE and browsing the internet. All the fun things that could happen..."
HAHAH that made my day...
Score: 0
|Was that a geek joke?
...And what does it say about me that I got it?
Score: 0
|That you're....
...wait for it...
...a geek.
Score: 0
|Here we go again ......
Score: 0
|Another week, another MS related exploit. Yummy.
Score: 0
|From the original author's posting:
"Well, that's it. Feel free to research this further. This vulnerability,
as requested by customers, is released in strict observance of the Patch
Wednesday & Bug Saturday policy."
LOL!
Score: 0
|"t first glance, the bug appears to be not much more than a nuisance, although an attack vector could not be ruled out by security experts.
I call FUD.
No chance of hitting it in the wild, and only a miniscule one of even these guys finding a reliable vector with it.
As such...move along....
Score: 0
|Only mention of IE6 with SP2? So does that mean IE 5.5 users are OK? (kidding)
Seriously, BN is reporting this perhaps a bit to early--we know very very little about this issue right now, otherwise the FF folks or whomever would already have proof-of-concept code released for it.
Score: 0
|