[Seg] Microsoft IE Windows XP SP2 File Download Security Can Be Bypassed With Dynamic IFRAME Tag

14/01/2005 - 12:28 por Ubuntu | Informe spam
Replicas por favor a microsoft.public.es.windowsxp.seguridad

Existe una prueba de concepto en el mismo link de la noticia.





Microsoft IE Windows XP SP2 File Download Security Can Be Bypassed
With Dynamic IFRAME Tag
http://www.securitytracker.com/aler...12891.html


SecurityTracker Alert ID: 1012891
SecurityTracker URL: http://securitytracker.com/id?1012891

CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)
Date: Jan 13 2005

Impact: Modification of user information

Exploit Included: Yes

Version(s): 6.0.2900.2180.xpsp_sp2_rtm.040803-2158

Description: Rafel Ivgi (The-Insider) reported a vulnerability in
Microsoft Internet Explorer (IE) on Windows XP SP2. A remote user can
bypass the file download security warning mechanism.

A remote user can create HTML containing a specially crafted BODY tag
with an onclick event that invokes the createElement method to
dynamically create an IFRAME window with an executable file source.
When the HTML is loaded and the target user clicks anywhere within the
body, the referenced executable file source will be downloaded without
presenting the target user with the XP SP2 file download warning
message.

Impact: A remote user can bypass the Windows XP SP2 file download
security mechanism.

Solution: No solution was available at the time of this entry.

Vendor URL: www.microsoft.com/ (Links to External Site)

Cause: Access control error

Underlying OS: Windows (XP)

Underlying OS Comments: XP SP2

Reported By: "The Insider" <the_insider@mail.com>

Message History: None.


Copyright 2004, SecurityGlobal.net LLC


Galería de imagenes Ubuntu Linux (Español).
http://www.ubuntu-es.org/image
 

Leer las respuestas

#1 JM Tella Llop [MVP Windows]
14/01/2005 - 16:05 | Informe spam
Aparte de "agorero" y para "agorero" ya tuvimos al Ille C*rvus y hubo
que echarlo, y supongo que eres el mismo perro con otro collar.
¿aportas alguna soluciona a CUALQUIER TEMA de XP? ¿o a cualquier
pregunta de XP o de seguridad?...

Veo que no.

Entonces ¿vales para algo mas?. venga... con dos cojones:
demuestralo. Ayuda a alguien.

Jose Manuel Tella Llop
MVP - Windows
(quitar XXX)
http://www.multingles.net/jmt.htm

Este mensaje se proporciona "como está" sin garantías de ninguna clase,
y no otorga ningún derecho.

This posting is provided "AS IS" with no warranties, and confers no
rights.
You assume all risk for your use.



"Ubuntu" wrote in message
news:41e7ad46$0$48329$
Replicas por favor a microsoft.public.es.windowsxp.seguridad

Existe una prueba de concepto en el mismo link de la noticia.





Microsoft IE Windows XP SP2 File Download Security Can Be Bypassed
With Dynamic IFRAME Tag
http://www.securitytracker.com/aler...12891.html


SecurityTracker Alert ID: 1012891
SecurityTracker URL: http://securitytracker.com/id?1012891

CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)
Date: Jan 13 2005

Impact: Modification of user information

Exploit Included: Yes

Version(s): 6.0.2900.2180.xpsp_sp2_rtm.040803-2158

Description: Rafel Ivgi (The-Insider) reported a vulnerability in
Microsoft Internet Explorer (IE) on Windows XP SP2. A remote user can
bypass the file download security warning mechanism.

A remote user can create HTML containing a specially crafted BODY tag
with an onclick event that invokes the createElement method to
dynamically create an IFRAME window with an executable file source.
When the HTML is loaded and the target user clicks anywhere within the
body, the referenced executable file source will be downloaded without
presenting the target user with the XP SP2 file download warning
message.

Impact: A remote user can bypass the Windows XP SP2 file download
security mechanism.

Solution: No solution was available at the time of this entry.

Vendor URL: www.microsoft.com/ (Links to External Site)

Cause: Access control error

Underlying OS: Windows (XP)

Underlying OS Comments: XP SP2

Reported By: "The Insider"

Message History: None.


Copyright 2004, SecurityGlobal.net LLC


Galería de imagenes Ubuntu Linux (Español).
http://www.ubuntu-es.org/image

Preguntas similares