Thread: IE hole could be used to open back door

  1. #1
    s0nIc (Fastest Thing Alive)
    Join Date: Sep 2001 | Location: Sydney | Posts: 1,584

    IE hole could be used to open back door

    An attacker could trick a user of Microsoft Corp.'s Internet Explorer (IE) Web browser into downloading and running a malicious program by disguising it as an innocent file, a Finnish security company has warned.

    The file name as it appears in the IE file download dialog box can be faked by using certain URL and HTTP headers on a Web page, making the user think he is opening a media file when in fact he is installing a "back door" on his PC, according to Oy Online Solutions Ltd. A back door is a program that can be used by hackers to enter a user's PC.

    IE won't show the warnings it typically displays when a program file is downloaded or opened, because the .exe file extension may have been hidden or replaced with another such as .txt or .htm. The file is run without any warnings because IE, just as the user, thinks it is a harmless file, Oy Online Solutions said.

    Details of the vulnerability were first released on the Bugtraq mailing list in late November. Microsoft at the time did not consider it a flaw, but will now release a patch, Jyrki Salmi, managing director of the Finnish Internet security company, said on Thursday.

    "Microsoft has forwarded us the initial patch. It appears to be working and should be available next week," he said.

    Salmi declined to say why Microsoft changed its mind. It has been suggested that the vulnerability could be exploited to automatically download and run programs on a user's PC, without even showing a faked file name in a dialog box. Salmi wouldn't confirm or deny this, saying only that it would become clear when the patch is released.

    Affected are IE 5.0, 5.5 and 6, according to Salmi. Users are advised to disable file downloading or be very cautious about downloading files until the patch becomes available, said Salmi.

    In general, users should be careful when downloading files from untrusted Web sites, Salmi said, adding that a trusted site could be hacked and thus dangerous as well.

    Besides back doors, the vulnerability could also be exploited to install tools used in distributed denial of service (DDoS) attacks, format hard disks, or spread viruses, the Finnish security company said.

    Source: CNN

  2. #2

    Re: IE hole could be used to open back door

    Originally posted by s0nIc

    "Microsoft has forwarded us the initial patch. It appears to be working and should be available next week," he said.

    Source: CNN

    For those of you who still feel the need to use IE, you can download the patch here
