Tech: IE security exploit (even with patched system)


Mr. Laz
12-17-2004, 11:14 AM
Internet Explorer Cross-Site Scripting Vulnerability Test

http://secunia.com/internet_explorer_cross-site_scripting_vulnerability_test/

Secunia Advisory: SA13482
Release Date: 2004-12-16

Critical: Moderately critical
Impact: Cross Site Scripting
Where: From remote
Solution Status: Unpatched
Software: Microsoft Internet Explorer 6

Description:
Paul has discovered a vulnerability in Internet Explorer, which can be exploited by malicious people to conduct cross-site scripting attacks.

The vulnerability is caused due to an error in the DHTML Edit ActiveX control when handling the "execScript()" function in certain situations. This can be exploited to execute arbitrary script code in a user's browser session in context of an arbitrary site.

Secunia has constructed a test, which can be used to check if your browser is affected by this issue:

http://secunia.com/internet_explorer_cross-site_scripting_vulnerability_test/

The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP1/SP2.

Solution:
Set security level to high for the "Internet" zone (disable ActiveX support).

Provided and/or discovered by:
Paul (from greyhats)


Please note: The information, which this Secunia Advisory is based upon, comes from third party unless stated otherwise.

Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

Introduction


Paul has reported a vulnerability in Internet Explorer, which can be exploited by malicious people to conduct sophisticated cross-site scripting attacks against any web site.

Please see the test below for an example of how this vulnerability can be exploited.

Click the link below in order to test whether or not your system is vulnerable. The test will open a new window, where the address bar writes "https://www.paypal.com/", but the page is actually displaying content from Secunia.

Please note: If you wish to run the test multiple times, then please refresh this page before each test.


Result
You are vulnerable, if a new window is opened displaying a Secunia page, but the address bar is displaying "https://www.paypal.com/".


What should you do?

Please view the appropriate Secunia advisory for information about how you can fix or mitigate the impact of this vulnerability. The Secunia advisory will be updated when the vendor issues patches.

View the Secunia advisory regarding your browser:
- [SA13482] Internet Explorer 6.0

In order to protect yourself, it is a very good idea to stay informed about the latest threats from vulnerabilities in the software you are using.


penguinz
12-17-2004, 11:22 AM
Is why you should only use IE when forced to.

www.getfirefox.com (http://www.getfirefox.com)

HC_Chief
12-17-2004, 11:28 AM
No, it is why you should disable ActiveX at your firewall.
(but using Firefox for most of your surfing is a good idea ;))
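
The workaround quoted in the advisory above (High security level for the "Internet" zone, ActiveX disabled) can be checked on a workstation with the following PowerShell audit. It is an added example, not part of the advisory or of any post in this thread. It assumes the standard Internet Explorer zone registry layout (zone 3 = Internet) and simplifies precedence to "first location that defines the value wins".

```powershell
# Added example: audit ActiveX-related URL actions for the Internet zone (zone 3).
# Locations are listed in simplified precedence order: machine policy,
# user policy, then the per-user preference written by the Internet Options dialog.
$zonePaths = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3',
    'HKCU:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
)

# URL action value names and what they control.
$actions = [ordered]@{
    '1001' = 'Download signed ActiveX controls'
    '1004' = 'Download unsigned ActiveX controls'
    '1200' = 'Run ActiveX controls and plug-ins'
    '1201' = 'Initialize and script ActiveX controls not marked safe'
    '1405' = 'Script ActiveX controls marked safe for scripting'
}

function Get-ZoneAction([string]$Name) {
    # Return the first defined value and where it came from, or $null.
    foreach ($path in $zonePaths) {
        $item = Get-ItemProperty -Path $path -Name $Name -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            return [pscustomobject]@{ Value = [int]$item.$Name; Source = $path }
        }
    }
    return $null
}

function ConvertTo-ActionState([int]$Value) {
    # 0 = enable, 1 = prompt, 3 = disable, 0x10000 = administrator approved.
    switch ($Value) {
        0       { 'ENABLED' }
        1       { 'prompt' }
        3       { 'disabled' }
        0x10000 { 'admin-approved only' }
        default { '0x{0:X}' -f $Value }
    }
}

$report = foreach ($id in $actions.Keys) {
    $hit   = Get-ZoneAction -Name $id
    $state = if ($null -eq $hit) { 'not set' } else { ConvertTo-ActionState $hit.Value }
    [pscustomobject]@{
        Action = $id; Setting = $actions[$id]; State = $state
        Mitigated = ($state -eq 'disabled')   # the advisory's workaround disables ActiveX
        Source = if ($hit) { $hit.Source } else { '' }
    }
}
$report | Format-Table -AutoSize
if ($report | Where-Object { -not $_.Mitigated }) {
    Write-Warning 'ActiveX is not fully disabled for the Internet zone.'
}
```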