(US-CERT Issues Advisory) Microsoft Internet Explorer Cross-Domain
Redirect Hole Lets Remote Users Execute Arbitrary Code
http://www.securitytracker.com/aler...10479.html
Impact: Execution of arbitrary code via network, User access via
network
Exploit Included: Yes
Advisory: CERT (Computer Emergency Response Team)
Version(s): 6 and prior versions
Description: US-CERT issued an advisory for a vulnerability in
Microsoft Internet Explorer (IE) that is being actively exploited in
the wild. A remote user can execute arbitrary code on the target
system.
The exploit takes advantage of a vulnerability in IE in the processing
of HTTP redirections. A remote user can create specially crafted HTML
that, when loaded by the target user, will execute arbitrary code on
the target system in the security context of the Local Computer zone.
Fully patched systems are vulnerable.
A web server can return an HTTP 302 Redirect command to load a local
file in an iframe with the following type of Location header:
Location: URL:ms-its:C:\WINDOWS\Help\iexplore.chm::/iegetsrt.htm
Through a series of scripting steps, remotely supplied HTML can be
executed in the Local Computer zone.
The exploit was described by Rafel Ivgi
(
http://archives.neohapsis.com/archi.../0031.html
and
http://archives.neohapsis.com/archi.../0104.html)
and further analyzed by Jelmer (http://62.131.86.111/analysis.htm).
The exploit also invokes a previously reported IE ADODB.Stream
vulnerability (that remains unpatched) to execute code on the target
system.
The US-CERT advisory is available at:
http://www.us-cert.gov/cas/techalerts/TA04-163A.h tml
Impact: A remote user can cause arbitrary code to be executed on the
target user's system.
Solution: No solution was available at the time of this entry.
Vendor URL: www.microsoft.com/technet/security/ (Links to External
Site)
Cause: Access control error
Underlying OS: Windows (Any)
Meritorios de Filtrado (Kill-File Global):
tella llop, jm (N.B. 2003.10.25)
"El software propietario sera solo para los que lo puedan pagar."
"El software libre es para toda la Humanidad."
Leer las respuestas