Microsoft Internet Explorer XP SP2 Fully Automated Remote Compromise

04/01/2005 - 20:45 por Santiago José Carrión | Informe spam
quedamucho para arreglarlo...solo pregunto :-)


Microsoft Internet Explorer XP SP2 Fully Automated Remote Compromise
http://www.securiteam.com/windowsnt...2KC0C.html

Summary
Although hundreds of millions of dollars have been spent on securing
SP2, perfection is impossible. Through the joint effort of Michael
Evanchik and Paul from Greyhats Security, a very critical
vulnerability has been developed that can compromise a user's system
without the need for user interaction besides visiting the malicious
page. The vulnerability is not actually a vulnerability in itself, but
rather it is uses multiple known holes in SP2 including Help ActiveX
Control Related Topics Zone Security Bypass Vulnerability and Help
ActiveX Control Related Topics Cross Site Scripting Vulnerability.

Credit:
The information has been provided by Paul.
The original article can be found at:
http://www.greyhatsecurity.org/sp2rc-analysis.htm

Details
Vulnerable Systems:
* Microsoft Internet Explorer 6.0
* Microsoft Windows XP Pro SP2
* Microsoft Windows XP Home SP2

Technical details and Explanation
1. Create a web page with the following code:

[...]
 

Leer las respuestas

#1 Mr Big Dragon
04/01/2005 - 21:29 | Informe spam
Puede ser que tenga Agujeros,

Pero nadie puede negar que un Sistema con SP2 es mucho mas seguro que uno
sin SP2.



Saludos
Mr Big Dragon


"Santiago José Carrión" wrote in
message news:
quedamucho para arreglarlo...solo pregunto :-)


Microsoft Internet Explorer XP SP2 Fully Automated Remote Compromise
http://www.securiteam.com/windowsnt...2KC0C.html

Summary
Although hundreds of millions of dollars have been spent on securing
SP2, perfection is impossible. Through the joint effort of Michael
Evanchik and Paul from Greyhats Security, a very critical
vulnerability has been developed that can compromise a user's system
without the need for user interaction besides visiting the malicious
page. The vulnerability is not actually a vulnerability in itself, but
rather it is uses multiple known holes in SP2 including Help ActiveX
Control Related Topics Zone Security Bypass Vulnerability and Help
ActiveX Control Related Topics Cross Site Scripting Vulnerability.

Credit:
The information has been provided by Paul.
The original article can be found at:
http://www.greyhatsecurity.org/sp2rc-analysis.htm

Details
Vulnerable Systems:
* Microsoft Internet Explorer 6.0
* Microsoft Windows XP Pro SP2
* Microsoft Windows XP Home SP2

Technical details and Explanation
1. Create a web page with the following code:

[...]

Preguntas similares