Another 9 Exploits Found in IE - F-Secure Weblog : News from the Lab - hzgn.com

HZGN.COM
welcome to my space

hzgn.com

HOME

Causes and Organizations

Regulatory Compliance

Gadgets and Gizmos

Computer Forensics

Tools and Equipment

HOME

Another 9 Exploits Found in IE

Published by: cfz 2009-01-05

A performance-boosting feature found in Microsoft's Internet Explorer 5.5 and 6 has opened up nine vulnerabilities that can leave a user's PC wide open for remote exploit, according to the company that found the breach earlier this month.

Previous IE versions, as well as IE 6.1 are unaffected by the flaw, said officials at GreyMagic Software Tuesday, the Israeli firm who discovered the flaw. Last week, the company publicized a flaw in IE 5.5 and 6 that lets hackers steal Web cookies from Web sites and forge content to read local files and execute programs in the Document Object Model (DOM).

Microsoft officials were unaware of the vulnerability at press time. After last week's flaw was published, they berated GreyMagic for not giving their own engineers time to investigate the vulnerability.

F-Secure Weblog : News from the Lab::
The first is an attempt to exploit a Microsoft MDAC RDS. the way the ActiveX Control interacts with the IE browser to provide remote attackers complete
http://www.f-secure.com/weblog/HOME

Tuesday's nine vulnerabilities all find their root in object caching, which performs security checks when people visit Web sites. In the time it takes for one page to unload and the other to load, these security checks determine whether both pages are in the same security zone and domain.

Crit.org::
Some useful citizen has created an installer that will nail IE with . Another Dangerous Browser Domain Name Exploit No popular articles found.
http://www.crit.org/categories/Exploits/HOME

The problem, according to GreyMagic engineers, is that objects that are supposed to be inaccessible when the pages are unloaded and the references stored become open to exploit. In essence, the assumed-to-be-inaccessible pages are now interoperable with other documents, such as the attacker's page found on his or her site.

Viruslist.com - Analyst's Diary::
SWF exploits. Here is the list of files that I found: WIN 9,0115,0i.swf The plug-in is browser independent and attacks both IE and Firefox.
http://www.viruslist.com/en/weblog?page=1HOME

[EXPL] Internet Explorer VML Buffer Overflow Download Exec (Exploit)::
Sep 21, 2006 The second problem was "fixed" using another char and then . sent to the securiteam mailing list, and can be found at the SecuriTeam web
http://www.derkeiler.com/Mailing-Lists/Securiteam/2006-09/msg00031.htmlHOME

While the object caching vulnerability affects one area of the Web browser, there are nine separate methods for exploitation. Following are the methods and their potential impact. GreyMagic also published the exploits to compromise the vulnerability, but internetnews.com does not publish exploits:

showModalDialog - Full access in IE 5.5, "My Computer" zone access in IE 6.
external - Full DOM access on both versions.
createRange - Full DOM access on both versions.
elementFromPoint - Full DOM access on both versions.
getElementById - Full DOM access on both versions.
getElementsByName - Full DOM access on both versions.
getElementsByTagName - Full DOM access on both versions.
execCommand - read access to the loaded document.
clipboardData - read/write access to the clipboard, regardless of settings.

GreyMagic engineers recommend disabling Active Scripting until a patch is released, or upgrading to IE 6.1.

Massive DDoS Attack Hit DNS Root Servers
Web Vandalism on the Rise