2005-01-09

"Extremely critical" IE6/SP2 Exploit Found

Another day, and brings another not-so-cheerful news...

Secunia is reporting three vulnerabilities in IE6 running on XP SP2. Any of these, in combination with an inappropriate behaviour where the ActiveX Data Object (ADO) model can write arbitrary files, can be exploited to compromise a user's system. Moreover, the vulnerability can be used to delete files from the user's system
  1. Insufficient validation of drag and drop events from the "Internet" zone to local resources for valid images or media files with embedded HTML code. This can be exploited by e.g. a malicious web site to plant arbitrary HTML documents on a user's system, which may allow execution of arbitrary script code in the "Local Computer" zone
  2. A security site / zone restriction error, where an embedded HTML Help control on e.g. a malicious web site references a specially crafted index (.hhk) file, can execute local HTML documents or inject arbitrary script code in context of a previous loaded document using a malicious javascript URI handler.
  3. security site / zone restriction error in the handling of the "Related Topics" command in an embedded HTML Help control can be exploited by e.g. a malicious website to execute arbitrary script code in the context of arbitrary sites or zones

Secunia has constructed a test, which can be used to check if your browser is affected by this issue:http://secunia.com/internet_explorer_command_execution_vulnerability_test/

Basically, this test uses the ntshared.chm MS-HTML help file, via ActiveX, to call this script [secunia.com], which, in turn, starts a new IE which goes to this site [secunia.com]. What's scary is this test script page from Secunia doesn't say what the test will do on your machine! All it says is "The test requires that you have Windows installed in 'c:/windows/"

Yet another reason to move to Firefox


No comments:

Post a Comment