**heads Up** New Ie Flaws

  1. #1
    StOrM™
    Join Date
    Aug 2004
    Posts
    1,003

    Greetings

    I found this on SANS. There are 2 new Internet Explorer vulnerabilities disclosed, including PoC.
    One of the vulnerabilities can be reproduced in Firefox too.


    Critically rated IE vulnerability in the use of HTA applications (CLSID 3050f4d8-98B5-11CF-BB82-00AA00BDCE0B) to trick a user into opening a file by double-clicking it. The file has to be accessible through either SMB or, according to the advisory, WebDAV, and can be located on a remote site. The currently available version of PoC that was published is limited in that it requires the user to double-click on an icon to execute a potentially malicious payload, but we can expect to find creative use of this exploit in the wild very soon. The workaround for this appears to be disabling active scripting.


    THIS ONE IS TOO NASTY

    The second vulnerability is related to the handling of the object.documentElement.outerHTML property. The abuse of this property will allow an attacker to retrieve remote content in the context of the web page which is currently being viewed by the user. This vulnerability can be potentially nasty as attackers can use it to retrieve data from other web sites the user is logged into (for example, webmail) and harvest user credentials. Several handlers have spent a little more time validating this particular issue and while it is a subtle exploit and rated a lower level risk, this issue has raised some of our neck hairs.
    Regarding the second vulnerability, what's interesting is that we were able to reproduce this even when using Mozilla Firefox.


    You can find more information here: http://isc.sans.org/diary.php?storyid=1448&rss

    To test your browser go to this link: http://secunia.com/internet_explorer...erability_test

    I recently read a thread about Sandboxie, I think all members should have a look at it at: http://www.sandboxie.com/
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

  2. #2
    StOrM™
    Join Date
    Aug 2004
    Posts
    1,003
    Greetings

    Here is an update.


    UPDATE 06/30/06
    After doing more research on this vulnerability and with great help from our readers (thanks to Dan and another reader) it seems that Mozilla Firefox is not affected by this vulnerability.

    The (obvious) reason for this is that Firefox doesn't support the outerHTML property at all (the innerHTML property is supported). As this property is not supported, the original context can't get any data from the HTML that was loaded into the <object> tag.

    If you test this with the original PoC posted on Full Disclosure, you can notice that Firefox will load the target web page into the object tag, but the alert call (which is in the original context) will not be able to get any data. If you use Internet Explorer 6 this is not the case as the original context script can access data that was loaded into the object tag.

    The fact that Firefox displays the target web page has nothing to do with this vulnerability (apart from the fact that it can confuse the user, but that's another story); so in this context it's no different than using an iframe.

    Internet Explorer 7 is also not affected by this vulnerability.
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.
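The update above comes down to one rule: a script in the embedding page may read the DOM of a document loaded into an <object> (or iframe) only if both documents share an origin. Firefox and IE7 enforced that rule for this property and IE6 did not. The following is an added example, not code from the thread or from the SANS diary, that models that same-origin decision in plain Node.js: the `readOuterHTML` accessor, the `makeEmbeddedDocument` helper, and the sample URLs (`webmail.example`, `other-site.example`) are all constructed for illustration.

```javascript
// Added example (not from the thread or the SANS diary): a minimal model of
// the same-origin check a browser must apply before a script in one document
// may read the DOM (e.g. documentElement.outerHTML) of a document loaded into
// an <object> or <iframe>. All URLs and markup below are constructed samples.

// Reduce a URL to its origin tuple (scheme, host, port). The WHATWG URL parser
// strips default ports, so they are restored here to compare like with like.
function originOf(urlString) {
  const u = new URL(urlString);
  const defaultPorts = { 'http:': '80', 'https:': '443' };
  const port = u.port || defaultPorts[u.protocol] || '';
  return { scheme: u.protocol, host: u.hostname.toLowerCase(), port };
}

// Two documents share an origin only if scheme, host and port all match.
function sameOrigin(urlA, urlB) {
  const a = originOf(urlA);
  const b = originOf(urlB);
  return a.scheme === b.scheme && a.host === b.host && a.port === b.port;
}

// Hypothetical stand-in for a document that has been loaded into an <object>.
function makeEmbeddedDocument(url, html) {
  return { url, documentElement: { outerHTML: html } };
}

// The accessor the browser would expose to the embedding page's script.
// The markup is returned only when the calling document and the embedded
// document share an origin; a cross-origin read is denied, which is what
// Firefox (by lacking outerHTML) and IE7 effectively did and IE6 did not.
function readOuterHTML(scriptDocumentUrl, embeddedDoc) {
  if (!sameOrigin(scriptDocumentUrl, embeddedDoc.url)) {
    return { allowed: false, html: null };
  }
  return { allowed: true, html: embeddedDoc.documentElement.outerHTML };
}

// Walk through the webmail scenario from the diary with constructed data:
// a logged-in webmail page embedded by an unrelated site versus by a page
// on the webmail site itself.
function demo() {
  const webmail = makeEmbeddedDocument(
    'https://webmail.example/inbox',
    '<html><body>Constructed inbox page containing a session token</body></html>'
  );
  const unrelatedSite = 'http://other-site.example/page.html';
  const webmailHelpPage = 'https://webmail.example/help.html';
  return {
    crossOrigin: readOuterHTML(unrelatedSite, webmail),
    sameOriginRead: readOuterHTML(webmailHelpPage, webmail),
  };
}

const result = demo();
console.log('cross-origin read allowed:', result.crossOrigin.allowed);
console.log('same-origin read allowed:', result.sameOriginRead.allowed);
```

Run it with `node` and the cross-origin read comes back denied while the same-origin read succeeds. The point of the model is the order of checks: the origin comparison happens before any DOM property of the embedded document is touched, which is exactly the step that IE6's outerHTML handling skipped and that makes the "Firefox displays the page but the alert gets nothing" observation in the update expected rather than surprising.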
