SLCentral - Your logical choice for computing and technology
Latest Deals   
Navigation
  • Home
  • Search
  • Forums
  • Hardware
  • Games
  • Tech News
  • Deals
  • Prices
  • A Guru's World
  • CPU/Memory Watch
  • Site Info
  • SL Newsletter
    Recieve bi-weekly updates on news, new articles, and more


    Forum home My SLBoards (Control Panel)View the calendar View the members list Read the FAQ Search the forums

    Go Back   SLCentral Forum > Technology > Hardcore Techies Only
    User Name
    Password


    Reply
     
    Thread Tools Search this Thread Display Modes
      #1  
    Old 12-14-01, 10:01 AM
    Dan's Avatar
    Dan Dan is offline
    SLTrout
     
    Join Date: Nov 2001
    Location: Charlotte, NC
    Posts: 296
    Dan is off the scale
    Send a message via ICQ to Dan
    Default Cumulative IE Patch

    I encourage everyone to pick up the latest IE patch from MS... Another band-aid for some of the many flaws in the browser.

    Check it out here:

    http://www.microsoft.com/technet/se...in/MS01-058.asp
    __________________
    MSI 875P NEO-LSR Mainboard - Intel P4C 3.0Ghz (800Mhz FSB) - 2 x OCZ PC4000 512MB DIMMs - 4 x WD800JB 80GB/8MB Cache (RAID 0+1) - SB Audigy Platinum eX - ATi Radeon 9800 Pro AIW - Sony Trinitron 19" - Windows Server 2003 Enterprise
    Reply With Quote
      #2  
    Old 12-14-01, 10:03 AM
    Dan's Avatar
    Dan Dan is offline
    SLTrout
     
    Join Date: Nov 2001
    Location: Charlotte, NC
    Posts: 296
    Dan is off the scale
    Send a message via ICQ to Dan
    Default

    Quote:
    This posting is a revision of the one sent to Bugtraq on 26 Nov 2001 with the subject "File extensions spoofable in Microsoft IE download dialog" and discusses some details and newly found impacts the vulnerability has.



    OVERVIEW

    Due to a flaw in the way Microsoft Internet Explorer handles certain HTTP reply strings, a web site can spoof the name of a file being requested and disguise it as a harmless file. As opposed to what I stated in the previous posting, a variation of this exploit may cause the browser to download and run a program file automatically without any user interaction or decision. This may lead to system compromise when visiting a malicious web site or opening an HTML mail message which directs the user to such site. Opening an e-mail attachment or accepting a file download is NOT required.

    With some versions of IE, the origin web server of the file being downloaded can also be hidden by using a variation of this exploit. In this case it will show and empty string instead of the host name in the download dialog.

    Internet Explorer versions 6, 5.5, and 5.0 have been tested and found vulnerable. The only version which hasn't automatically downloaded and started an .exe program in our tests is is 5.5 with Service Pack 2. We don't know whether it could be vulnerable to some other variation of the exploit (different MIME types or other HTTP header contents maybe?). It is however vulnerable to the "plain" file name spoofing attack.



    VULNERABLE VERSIONS

    IE File ext Bypassing Hiding file
    Version spoofing all dialogs origin
    ----------------------------------------------------------
    IE 6 yes yes no
    IE 5.5 SP2 yes no? yes
    IE 5.5 yes yes yes
    IE 5.0 yes yes



    DETAILS

    The problem is in the way Internet Explorer handles the Content-type and Content-disposition HTTP headers of a web server reply. With certain combinations of specially crafted reply strings, the browser can be made first to start downloading the file without asking for confirmation from the user, and then to open it - or in this case, run it.

    The same method which can mislead the user in the "plain" file name spoof variation of the attack can be used to mislead the browser's logics resulting in automatical execution of the program.



    WORKAROUNDS

    If the patch for some reason couldn't be applied, disabling file downloads from Tools -> Internet options -> Security -> Custom level -> Downloads/File download seems to stop the exploit. No other known workarounds exist at the moment, except from switching to another browser such as Opera or Netscape, which don't seem to suffer from this problem.



    VENDOR STATUS

    Microsoft was initially contacted on November 19th with the information regarding the "file extension spoofing" problem. The Security Warning dialogs of IE5 could be bypassed with that exploit, but the "automatically start an .exe" variation of the vulnerability wasn't known at the time. Microsoft didn't consider the file extension spoofing problem a security vulnerability. The company was informed about the new variation on November 27th and started working on a patch to correct the flaw. The patch is now out and downloadable on Microsoft's site at the above url
    __________________
    MSI 875P NEO-LSR Mainboard - Intel P4C 3.0Ghz (800Mhz FSB) - 2 x OCZ PC4000 512MB DIMMs - 4 x WD800JB 80GB/8MB Cache (RAID 0+1) - SB Audigy Platinum eX - ATi Radeon 9800 Pro AIW - Sony Trinitron 19" - Windows Server 2003 Enterprise
    Reply With Quote
      #3  
    Old 12-14-01, 03:24 PM
    rstarr's Avatar
    rstarr rstarr is offline
    Senior Member
     
    Join Date: May 2001
    Location: Fort Knox, KY
    Posts: 543
    rstarr is off the scale
    Default

    I hope that this workaround is the last we will need. It seems MS has had alot of problems lately with vulnerablities. But I'm sure something else will "pop" up and we'll be back at updating again.
    __________________
    Serious Soldier

    Reply With Quote
    Reply


    Thread Tools Search this Thread
    Search this Thread:

    Advanced Search
    Display Modes

    Posting Rules
    You may not post new threads
    You may not post replies
    You may not post attachments
    You may not edit your posts

    vB code is On
    Smilies are On
    [IMG] code is On
    HTML code is Off
    Forum Jump



    All times are GMT -8. The time now is 05:22 AM.

    Archive - Search Engine Friendly URLs by vBSEO 3.0.0 RC6 © 2006, Crawlability, Inc. Top
    Browse the various sections of the site
    Hardware
    Reviews, Articles, News, All Reviews...
    Gaming
    Reviews, Articles, News...
    Regular Sections
    A Guru's World, CPU/Memory Watch, SLDeals...
    SLBoards
    Forums, Register(Free), Todays Discussions...
    Site Info
    Search, About Us, Advertise...
    Powered by: vBulletin Version 3.0.1
    Copyright ©2000 - 2018, Jelsoft Enterprises Ltd. Search Engine Friendly URLs by vBSEO 3.0.0 RC6 © 2006, Crawlability, Inc.
    Legal | Advertising | Site Info