
Internet Explorer Still Download And Execute ANY Program Automatically
17th May 2002 [SBWID-5349]
COMMAND

	Microsoft Internet Explorer Still Download And Execute ANY Program
	Automatically

SYSTEMS AFFECTED

	Windows NT 4.0 Workstation + SP6a
	+ IE 6 + all available fixes [Japanese version]

	Windows NT 4.0 Workstation + SP6a + Windows Media Player 6.4
	+ IE 6 + all available fixes [Japanese version]

	Windows 2000 Professional + SP2 + SRP1 + Windows Media Player 6.4
	+ IE 6 + all available fixes [Japanese version]

	Windows 2000 Professional + SP2 + SRP1 + Windows Media Player 6.4
	+ IE 5.01 SP2 + all available fixes [Japanese version]

	Windows 98 + Windows 98 System Update + Windows Media Player 6.4
	+ IE 6 + all available fixes [Japanese version]

	Windows 2000 Professional + SP2 + SRP1 + Windows Media Player 7.1
	+ IE 6 + Office 2000 SR-1 + all available fixes [Japanese version]

PROBLEM

	From the advisory [#48] by Yuu Arai of SNS Computer Security Laboratory,
	LAC [http://www.lac.co.jp/security/]:

	Microsoft Internet Explorer contains a vulnerability which allows for
	downloading of a file and its automatic execution under several
	circumstances without the knowledge of the user. If a malicious
	webmaster creates a website containing malicious contents that can
	exploit this problem, and if the user has access to these contents
	using Internet Explorer under specific environments, then arbitrary
	programs specified by the administrator will be automatically
	downloaded and executed on the user's system.

	Problem Description:
	--------------------

	A vulnerability exists in Microsoft Internet Explorer which could lead
	to automatic downloading and execution of a file under several
	environments. This can be achieved when a user views contents including
	the following header in HTTP responses:

	  Content-Type: audio/x-ms-wma
	  Content-disposition: inline; filename="foo.exe"

	It is important to note that the above-mentioned description is just an
	example and that this vulnerability has been confirmed exploitable
	using other Content-Type: headers, such as Content-Type: audio/midi.
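
	A proxy-side or log-review check for the header pairing described above, as
	an added example that is not part of the advisory or any vendor tooling. The
	function name, the media prefixes, the extension list and the sample header
	blocks are assumptions constructed for illustration.

```python
import os
from email.parser import HeaderParser

# Assumed policy lists for this example; extend them for your environment.
MEDIA_PREFIXES = ("audio/", "video/")
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd"}

def check_response_headers(raw_headers):
    """Return (content_type, filename, disposition) when a media Content-Type
    is paired with an executable filename in Content-Disposition, else None.
    raw_headers holds the header lines only, without the HTTP status line."""
    msg = HeaderParser().parsestr(raw_headers)
    ctype = msg.get_content_type()      # lowercased, parameters stripped
    filename = msg.get_filename()       # filename= parameter, quotes removed
    if not filename or not ctype.startswith(MEDIA_PREFIXES):
        return None
    # Keep the last path component and drop trailing dots and spaces,
    # which Windows ignores when it resolves a file name.
    name = filename.replace("\\", "/").rsplit("/", 1)[-1].rstrip(". ")
    ext = os.path.splitext(name.lower())[1]
    if ext in EXECUTABLE_EXTS:
        return (ctype, name, msg.get_content_disposition())
    return None

# Constructed sample header blocks (not captured traffic).
SAMPLES = {
    "advisory example": 'Content-Type: audio/x-ms-wma\n'
                        'Content-disposition: inline; filename="foo.exe"\n',
    "audio/midi variant": 'Content-Type: audio/midi\n'
                          'Content-Disposition: inline; filename="foo.exe"\n',
    "ordinary media": 'Content-Type: audio/x-ms-wma\n'
                      'Content-Disposition: inline; filename="song.wma"\n',
    "plain download": 'Content-Type: application/octet-stream\n'
                      'Content-Disposition: attachment; filename="setup.exe"\n',
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(f"{label}: {check_response_headers(raw)}")
```

	Only the first two samples are flagged; an executable offered as an ordinary
	attachment under a non-media type is left to normal download policy.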

SOLUTION

	This problem can be eliminated by applying a patch based on the
	information provided by Microsoft Security Bulletin MS02-023:

	http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-023.asp
