[Seg] Microsoft IE Windows XP SP2 File Download Security Can Be Bypassed With Dynamic IFRAME Tag

Replicas por favor a microsoft.public.es.windowsxp.seguridad

Existe una prueba de concepto en el mismo link de la noticia.





Microsoft IE Windows XP SP2 File Download Security Can Be Bypassed
With Dynamic IFRAME Tag
http://www.securitytracker.com/aler...12891.html


SecurityTracker Alert ID: 1012891
SecurityTracker URL: http://securitytracker.com/id?1012891

CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)
Date: Jan 13 2005

Impact: Modification of user information

Exploit Included: Yes

Version(s): 6.0.2900.2180.xpsp_sp2_rtm.040803-2158

Description: Rafel Ivgi (The-Insider) reported a vulnerability in
Microsoft Internet Explorer (IE) on Windows XP SP2. A remote user can
bypass the file download security warning mechanism.

A remote user can create HTML containing a specially crafted BODY tag
with an onclick event that invokes the createElement method to
dynamically create an IFRAME window with an executable file source.
When the HTML is loaded and the target user clicks anywhere within the
body, the referenced executable file source will be downloaded without
presenting the target user with the XP SP2 file download warning
message.

Impact: A remote user can bypass the Windows XP SP2 file download
security mechanism.

Solution: No solution was available at the time of this entry.

Vendor URL: www.microsoft.com/ (Links to External Site)

Cause: Access control error

Underlying OS: Windows (XP)

Underlying OS Comments: XP SP2

Reported By: "The Insider"

Message History: None.


Copyright 2004, SecurityGlobal.net LLC


Galería de imagenes Ubuntu Linux (Español).
http://www.ubuntu-es.org/image

Replicas por favor a microsoft.public.es.windowsxp.seguridad

Existe una prueba de concepto en el mismo link de la noticia.





Microsoft IE Windows XP SP2 File Download Security Can Be Bypassed
With Dynamic IFRAME Tag
http://www.securitytracker.com/aler...12891.html


SecurityTracker Alert ID: 1012891
SecurityTracker URL: http://securitytracker.com/id?1012891

CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)
Date: Jan 13 2005

Impact: Modification of user information

Exploit Included: Yes

Version(s): 6.0.2900.2180.xpsp_sp2_rtm.040803-2158

Description: Rafel Ivgi (The-Insider) reported a vulnerability in
Microsoft Internet Explorer (IE) on Windows XP SP2. A remote user can
bypass the file download security warning mechanism.

A remote user can create HTML containing a specially crafted BODY tag
with an onclick event that invokes the createElement method to
dynamically create an IFRAME window with an executable file source.
When the HTML is loaded and the target user clicks anywhere within the
body, the referenced executable file source will be downloaded without
presenting the target user with the XP SP2 file download warning
message.

Impact: A remote user can bypass the Windows XP SP2 file download
security mechanism.

Solution: No solution was available at the time of this entry.

Vendor URL: www.microsoft.com/ (Links to External Site)

Cause: Access control error

Underlying OS: Windows (XP)

Underlying OS Comments: XP SP2

Reported By: "The Insider"

Message History: None.


Copyright 2004, SecurityGlobal.net LLC


Galería de imagenes Ubuntu Linux (Español).
http://www.ubuntu-es.org/image