Explorer MUY VULNERABLE

09/11/2004 - 14:47 por hptella | Informe spam
Microsoft Internet Explorer "res:" URI Handler File Identification
Vulnerability

Secunia Advisory: SA13124 Print Advisory
Release Date: 2004-11-09

Critical:
Not critical
Impact: Exposure of system information
Where: From remote
Solution Status: Partial Fix

Software: Microsoft Internet Explorer 6

Select a product and view a complete list of all Patched/Unpatched
Secunia advisories affecting it.

Description:
Benjamin Tobias Franz has discovered a vulnerability in Internet Explorer,
which can be exploited by malicious sites to detect the presence of local
files.

The problem is that an "Access is Denied" error will be returned if a site
in the "Internet" zone tries to open an existing local file in the search
window using the "res:" URI handler. This can be exploited to determine
the presence of specific programs or files in the system directories and
on the desktop.

The vulnerability has been confirmed on a fully patched system with
Internet Explorer 6.0 and Microsoft Windows XP SP1.

Solution:
The vulnerability does not affect systems running Windows XP with SP2
installed.

Disable Active Scripting Support.

Provided and/or discovered by:
Benjamin Tobias Franz


Please note: The information, which this Secunia Advisory is based upon,
comes from third party unless stated otherwise.

Secunia collects, validates, and verifies all vulnerability reports issued
by security research groups, vendors, and others.

Preguntas similare

Leer las respuestas

#1 JM Tella Llop [MVP Windows]
09/11/2004 - 15:00 | Informe spam
Jose Manuel Tella Llop
MVP - Windows
(quitar XXX)
http://www.multingles.net/jmt.htm

Este mensaje se proporciona "como está" sin garantías de ninguna clase, y no otorga ningún derecho.

This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use.



"HP Tella LLop [MVI Windows[" wrote in message news:
Microsoft Internet Explorer "res:" URI Handler File Identification
Vulnerability

Secunia Advisory: SA13124 Print Advisory
Release Date: 2004-11-09

Critical:
Not critical
Impact: Exposure of system information
Where: From remote
Solution Status: Partial Fix

Software: Microsoft Internet Explorer 6

Select a product and view a complete list of all Patched/Unpatched
Secunia advisories affecting it.

Description:
Benjamin Tobias Franz has discovered a vulnerability in Internet Explorer,
which can be exploited by malicious sites to detect the presence of local
files.

The problem is that an "Access is Denied" error will be returned if a site
in the "Internet" zone tries to open an existing local file in the search
window using the "res:" URI handler. This can be exploited to determine
the presence of specific programs or files in the system directories and
on the desktop.

The vulnerability has been confirmed on a fully patched system with
Internet Explorer 6.0 and Microsoft Windows XP SP1.

Solution:
The vulnerability does not affect systems running Windows XP with SP2
installed.

Disable Active Scripting Support.

Provided and/or discovered by:
Benjamin Tobias Franz


Please note: The information, which this Secunia Advisory is based upon,
comes from third party unless stated otherwise.

Secunia collects, validates, and verifies all vulnerability reports issued
by security research groups, vendors, and others.

Respuesta Responder a este mensaje
#2 José Gallardo
09/11/2004 - 15:08 | Informe spam
El lumbreras este se ha lucido esta vez. No sólo ha falsificado, sino que
además la falsificación es cutre cutre. ¡Eso es caer bajo!


"JM Tella Llop [MVP Windows]" escribió en el mensaje
news:


Jose Manuel Tella Llop
MVP - Windows
(quitar XXX)
http://www.multingles.net/jmt.htm

Este mensaje se proporciona "como está" sin garantías de ninguna clase, y no
otorga ningún derecho.

This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use.



"HP Tella LLop [MVI Windows[" wrote in message
news:
Microsoft Internet Explorer "res:" URI Handler File Identification
Vulnerability

Secunia Advisory: SA13124 Print Advisory
Release Date: 2004-11-09

Critical:
Not critical
Impact: Exposure of system information
Where: From remote
Solution Status: Partial Fix

Software: Microsoft Internet Explorer 6

Select a product and view a complete list of all Patched/Unpatched
Secunia advisories affecting it.

Description:
Benjamin Tobias Franz has discovered a vulnerability in Internet Explorer,
which can be exploited by malicious sites to detect the presence of local
files.

The problem is that an "Access is Denied" error will be returned if a site
in the "Internet" zone tries to open an existing local file in the search
window using the "res:" URI handler. This can be exploited to determine
the presence of specific programs or files in the system directories and
on the desktop.

The vulnerability has been confirmed on a fully patched system with
Internet Explorer 6.0 and Microsoft Windows XP SP1.

Solution:
The vulnerability does not affect systems running Windows XP with SP2
installed.

Disable Active Scripting Support.

Provided and/or discovered by:
Benjamin Tobias Franz


Please note: The information, which this Secunia Advisory is based upon,
comes from third party unless stated otherwise.

Secunia collects, validates, and verifies all vulnerability reports issued
by security research groups, vendors, and others.

Respuesta Responder a este mensaje
#3 JM Tella Llop [MVP Windows]
09/11/2004 - 15:11 | Informe spam
Ha intentado que sea cutre (PLG)

Jose Manuel Tella Llop
MVP - Windows
(quitar XXX)
http://www.multingles.net/jmt.htm

Este mensaje se proporciona "como está" sin garantías de ninguna clase, y no otorga ningún derecho.

This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use.



"José Gallardo" wrote in message news:
El lumbreras este se ha lucido esta vez. No sólo ha falsificado, sino que
además la falsificación es cutre cutre. ¡Eso es caer bajo!


"JM Tella Llop [MVP Windows]" escribió en el mensaje
news:


Jose Manuel Tella Llop
MVP - Windows
(quitar XXX)
http://www.multingles.net/jmt.htm

Este mensaje se proporciona "como está" sin garantías de ninguna clase, y no
otorga ningún derecho.

This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use.



"HP Tella LLop [MVI Windows[" wrote in message
news:
Microsoft Internet Explorer "res:" URI Handler File Identification
Vulnerability

Secunia Advisory: SA13124 Print Advisory
Release Date: 2004-11-09

Critical:
Not critical
Impact: Exposure of system information
Where: From remote
Solution Status: Partial Fix

Software: Microsoft Internet Explorer 6

Select a product and view a complete list of all Patched/Unpatched
Secunia advisories affecting it.

Description:
Benjamin Tobias Franz has discovered a vulnerability in Internet Explorer,
which can be exploited by malicious sites to detect the presence of local
files.

The problem is that an "Access is Denied" error will be returned if a site
in the "Internet" zone tries to open an existing local file in the search
window using the "res:" URI handler. This can be exploited to determine
the presence of specific programs or files in the system directories and
on the desktop.

The vulnerability has been confirmed on a fully patched system with
Internet Explorer 6.0 and Microsoft Windows XP SP1.

Solution:
The vulnerability does not affect systems running Windows XP with SP2
installed.

Disable Active Scripting Support.

Provided and/or discovered by:
Benjamin Tobias Franz


Please note: The information, which this Secunia Advisory is based upon,
comes from third party unless stated otherwise.

Secunia collects, validates, and verifies all vulnerability reports issued
by security research groups, vendors, and others.





Respuesta Responder a este mensaje
#4 Enrique [MVP Windows]
09/11/2004 - 15:29 | Informe spam
X-HTTP-Posting-Host: 61-222-216-46.HINET-IP.hinet.net
NNTP-Posting-Host: us-8.34web.com 216.40.249.48



Saludos,
Enrique Cortés
Microsoft MVP - Windows - IE/OE
(quita la Z)

Instala ya mismo el Service Pack 2 (SP2), la actualización más importante para Windows XP, que
incluye todas las actualizaciones críticas hasta la fecha y protegerá tu seguridad en general
gracias a Windows Security Center. Haz clic en el siguiente enlace:
http://www.microsoft.com/downloads/...p;FamilyID9c9dbe-3b8e-4f30-8245-9e368d3cdb5a

Este mensaje se proporciona "como está", sin garantías de ninguna clase y no otorga ningún
derecho.
This posting is provided "AS IS" with no warranties, and confers no rights.

"José Gallardo" escribió en el mensaje
news:
El lumbreras este se ha lucido esta vez. No sólo ha falsificado, sino que
además la falsificación es cutre cutre. ¡Eso es caer bajo!


"JM Tella Llop [MVP Windows]" escribió en el mensaje
news:


Jose Manuel Tella Llop
MVP - Windows
(quitar XXX)
http://www.multingles.net/jmt.htm

Este mensaje se proporciona "como está" sin garantías de ninguna clase, y no
otorga ningún derecho.

This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use.



"HP Tella LLop [MVI Windows[" wrote in message
news:
Microsoft Internet Explorer "res:" URI Handler File Identification
Vulnerability

Secunia Advisory: SA13124 Print Advisory
Release Date: 2004-11-09

Critical:
Not critical
Impact: Exposure of system information
Where: From remote
Solution Status: Partial Fix

Software: Microsoft Internet Explorer 6

Select a product and view a complete list of all Patched/Unpatched
Secunia advisories affecting it.

Description:
Benjamin Tobias Franz has discovered a vulnerability in Internet Explorer,
which can be exploited by malicious sites to detect the presence of local
files.

The problem is that an "Access is Denied" error will be returned if a site
in the "Internet" zone tries to open an existing local file in the search
window using the "res:" URI handler. This can be exploited to determine
the presence of specific programs or files in the system directories and
on the desktop.

The vulnerability has been confirmed on a fully patched system with
Internet Explorer 6.0 and Microsoft Windows XP SP1.

Solution:
The vulnerability does not affect systems running Windows XP with SP2
installed.

Disable Active Scripting Support.

Provided and/or discovered by:
Benjamin Tobias Franz


Please note: The information, which this Secunia Advisory is based upon,
comes from third party unless stated otherwise.

Secunia collects, validates, and verifies all vulnerability reports issued
by security research groups, vendors, and others.

Respuesta Responder a este mensaje
#5 JM Tella Llop [MVP Windows]
09/11/2004 - 15:37 | Informe spam
es el proxy socks de siempre.

Jose Manuel Tella Llop
MVP - Windows
(quitar XXX)
http://www.multingles.net/jmt.htm

Este mensaje se proporciona "como está" sin garantías de ninguna clase, y no otorga ningún derecho.

This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use.



"Enrique [MVP Windows]" wrote in message news:
X-HTTP-Posting-Host: 61-222-216-46.HINET-IP.hinet.net
NNTP-Posting-Host: us-8.34web.com 216.40.249.48



Saludos,
Enrique Cortés
Microsoft MVP - Windows - IE/OE
(quita la Z)

Instala ya mismo el Service Pack 2 (SP2), la actualización más importante para Windows XP, que
incluye todas las actualizaciones críticas hasta la fecha y protegerá tu seguridad en general
gracias a Windows Security Center. Haz clic en el siguiente enlace:
http://www.microsoft.com/downloads/...p;FamilyID9c9dbe-3b8e-4f30-8245-9e368d3cdb5a

Este mensaje se proporciona "como está", sin garantías de ninguna clase y no otorga ningún
derecho.
This posting is provided "AS IS" with no warranties, and confers no rights.

"José Gallardo" escribió en el mensaje
news:
El lumbreras este se ha lucido esta vez. No sólo ha falsificado, sino que
además la falsificación es cutre cutre. ¡Eso es caer bajo!


"JM Tella Llop [MVP Windows]" escribió en el mensaje
news:


Jose Manuel Tella Llop
MVP - Windows
(quitar XXX)
http://www.multingles.net/jmt.htm

Este mensaje se proporciona "como está" sin garantías de ninguna clase, y no
otorga ningún derecho.

This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use.



"HP Tella LLop [MVI Windows[" wrote in message
news:
Microsoft Internet Explorer "res:" URI Handler File Identification
Vulnerability

Secunia Advisory: SA13124 Print Advisory
Release Date: 2004-11-09

Critical:
Not critical
Impact: Exposure of system information
Where: From remote
Solution Status: Partial Fix

Software: Microsoft Internet Explorer 6

Select a product and view a complete list of all Patched/Unpatched
Secunia advisories affecting it.

Description:
Benjamin Tobias Franz has discovered a vulnerability in Internet Explorer,
which can be exploited by malicious sites to detect the presence of local
files.

The problem is that an "Access is Denied" error will be returned if a site
in the "Internet" zone tries to open an existing local file in the search
window using the "res:" URI handler. This can be exploited to determine
the presence of specific programs or files in the system directories and
on the desktop.

The vulnerability has been confirmed on a fully patched system with
Internet Explorer 6.0 and Microsoft Windows XP SP1.

Solution:
The vulnerability does not affect systems running Windows XP with SP2
installed.

Disable Active Scripting Support.

Provided and/or discovered by:
Benjamin Tobias Franz


Please note: The information, which this Secunia Advisory is based upon,
comes from third party unless stated otherwise.

Secunia collects, validates, and verifies all vulnerability reports issued
by security research groups, vendors, and others.





Respuesta Responder a este mensaje
Ads by Google
Help Hacer una preguntaSiguiente Respuesta Tengo una respuesta
Search Busqueda sugerida