TUCoPS :: Browsers :: ie94~1.txt

Two MSIE 4.x/5.x vulnerabilities




    Microsoft Internet Explorer 4.x, 5.x


    Following is  based on  a Microsoft  Security Bulletin (MS00-055).
    This issue was discovered by Juan Carlos Garcia Cuartango.   There
    are two vulnerabilities at issue here:

    - The  "Scriptlet Rendering"  vulnerability.   The ActiveX control
      that is used  to invoked scriptlets  is essentially a  rendering
      engine for HTML.  However, it will render any file type,  rather
      than  rendering  HTML  files  only.   This  opens  the door to a
      scenario in which  a malicious web  site operator could  provide
      bogus information consisting of  script, solely for the  purpose
      of introducing it into an IE system file with a known name, then
      use the Scriptlet  control to render  the file.   The net effect
      would be to make the script  run in the Local Computer Zone,  at
      which  point  it  could  access  files  on the user's local file

    - A new variant of the "Frame Domain Verification"  vulnerability.
      As  discussed  in  Microsoft  Security  Bulletin  MS00-033,  two
      functions do not enforce proper separation of frames in the same
      window  that  reside  in  different  domains.   The  new variant
      involves an  additional function  with the  same flaw.   The net
      effect of the vulnerability would  be to enable a malicious  web
      site operator to open two frames, one in his domain and  another
      on the user's local file  system, and enable the latter  to pass
      information to the former.

    In order  to exploit  either vulnerability,  a malicious  web site
    operator would need to  know or guess the  exact name and path  of
    each file he wanted to view.   Even then, he could only view  file
    types that can be opened in a browser window - for instance,  .txt
    or .doc files, but not .exe or  .dat files.  If the web site  were
    in  a  Zone  in  which  Active  Scripting  were  disabled, neither
    vulnerability could be exploited.


    Patch availability


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH