TechTalk & Personal Computing Guide

India-Forums

   
TechTalk & Personal Computing Guide
TechTalk & Personal Computing Guide

New flaw found in IE..pcworld.com reports

cdesai12 Goldie
cdesai12
cdesai12

Joined: 18 September 2004
Posts: 1900

Posted: 07 January 2005 at 4:12pm | IP Logged

IE Flaw Exploited

 Security firm identifies exploit technique for known browser hole.

Matthew Broersma, Techworld.com

Friday, January 07, 2005

Internet Explorer has become an even bigger security risk--even under Windows XP SP2--with the publication of a new and extensive exploit.

Security researchers have warned that the exploit, which takes advantage of known loopholes in SP2, could allow an attacker to run script code on a user's system via a specially crafted Web page.

Known Hole

The holes involved have been known publicly for more than two months, but previous exploit techniques required the user to take actions such as dragging an image from one part of a Web page to another. The new exploit--a demonstration of which has been published by Danish security firm Secunia--is fully automated, requiring the user only to visit a Web page in Explorer. Other browsers and operating systems aren't affected.

"There now is a 'reliable' working exploit that can compromise an SP2 system by just visiting a Web page," says Secunia chief technology officer Thomas Kristensen. Secunia has raised its warning level to its highest, "extremely critical."

Security group Greyhats warned of the new type of exploit in an advisory in late December. Secunia then upgraded its advisory to "extremely critical" and published a demonstration based on a proof-of-concept by a researcher known as ShredderSub7. US-CERT, the U.S. computer security alert organization, has also published an advisory on the issue.

Issues Identified

Microsoft has warned users to turn off IE's 'Drag and drop or copy and paste files' option as a partial solution. The danger can also be lessened by setting security levels to high for the 'Internet' zone or, as several security firms pointed out, using another browser.

The exploit is the first major weakness in SP2 to have surfaced. Microsoft is promoting SP2, released last summer, as a solution to many of Windows' worst security problems.

Researchers have identified three separate but related issues in IE: a bug in the validation of certain drag-and-drop events, and zone restriction errors with embedded HTML Help ActiveX controls. The first problem can be avoided by disabling the 'Drag and drop or copy and paste files' option, but the new exploit doesn't rely on this particular bug, researchers said.

The HTML Help control exploit bypasses one of SP2's key features, the 'Local Machine' zone lock down, designed to make it far more difficult for attackers to execute script on a local system.

 

rabeeak2003 IF-Dazzler
rabeeak2003
rabeeak2003

Joined: 26 August 2004
Posts: 3898

Posted: 07 January 2005 at 4:41pm | IP Logged
thanks for the article!
HUMM IF-Dazzler
HUMM
HUMM

Joined: 06 November 2004
Posts: 2927

Posted: 07 January 2005 at 10:46pm | IP Logged
thanks a lot for that article!!ClapClapClap
mango Global Moderator
mango
mango

Joined: 08 December 2004
Posts: 9255

Posted: 09 January 2005 at 8:22pm | IP Logged
thanx for the article!
  • Page 1 of 1

Go to top

Related Topics

  Topics Author Replies Views Last Post
869 Spyware found on my comp

Author: cdesai12   Replies: 3   Views: 720

cdesai12 3 720 10 February 2005 at 4:17am by queenbee
Pcworld excluisve: DVD Ripping Flourishes

Author: cdesai12   Replies: 1   Views: 1721

cdesai12 1 1721 09 February 2005 at 7:35pm by HUMM
Beware : IE Flaw Exploited

Author: cdesai12   Replies: 2   Views: 671

cdesai12 2 671 12 January 2005 at 6:42am by nandiinii

Forum Quick Jump

Forum Category / Channels
Forums

  • Please login to check your Last 10 Topics posted

Disclaimer: All Logos and Pictures of various Channels, Shows, Artistes, Media Houses, Companies, Brands etc. belong to their respective owners, and are used to merely visually identify the Channels, Shows, Companies, Brands, etc. to the viewer. Incase of any issue please contact the webmaster.

Popular Channels :
Star Plus | Zee TV | Sony TV | Colors TV | SAB TV | Life OK

Quick Links :
Top 100 TV Celebrities | Top 100 Bollywood Celebs | About Us | Contact Us | Advertise | Forum Index