Computer Security


Related information

  Launching programs via OBJECT tag and scripting via cookies in Microsoft Internet Explorer

  OUTLOOK EXPRESS 6.00: broken

  Using the backbutton in IE is dangerous

  Outlook Express Attach Execution Exploit (img tag + innerHTML + TIF dos name)

  IE execution of arbitrary commands without Active Scripting or ActiveX (GM#001-IE)

From: MICROSOFT <secure_(at)_microsoft.com>
Date: 29.03.2002
Subject: Security Bulletin MS02-015

----------------------------------------------------------------------
Title:      28 March 2002 Cumulative Patch for Internet Explorer
Date:       28 March 2002
Software:   Internet Explorer
Impact:     Two vulnerabilities, the most serious of which
           would allow script to run in the Local Computer Zone.
Max Risk:   Critical
Bulletin:   MS02-015

Microsoft encourages customers to review the Security Bulletin at:
http://www.microsoft.com/technet/security/bulletin/MS02-015.asp.
----------------------------------------------------------------------

Issue:
======
This is a cumulative patch that includes the functionality of all
previously released patches for IE 5.01, 5.5 and IE 6. In addition,
it eliminates the following two newly discovered vulnerabilities:

- A vulnerability in the zone determination function that could
  allow a script embedded in a cookie to be run in the Local
  Computer zone. While HTML scripts can be stored in cookies,
  they should be handled in the same zone as the hosting site
  associated with them, in most cases the Internet zone. An
  attacker could place script in a cookie that would be saved
  to the user's hard disk. When the cookie was opened by the
  site the script would then run in the Local Computer zone,
  allowing it to run with fewer restrictions than it would
  otherwise have.

- A vulnerability in the handling of object tags that could
  allow an attacker to invoke an executable already present
  on the user's machine. A malicious user could create an HTML
  web page that includes this object tag and cause a local
  program to run on the victim's machine.

Mitigating Factors:
====================
Cookie-based Script Execution:

- The script would run with the same rights as the user.
  The specific privileges the attacker could gain through
  this vulnerability would therefore depend on the
  privileges accorded to the user. Any limitations on a
  user's account, such as those applied through Group
  Policies, would also limit the actions of any script
  executed by this vulnerability.

Local Executable Invocation via Object tag:

- The vulnerability would not enable the attacker to pass
  any parameters to the program. Microsoft is not aware of
  any programs installed by default in any version of
  Windows that, when called with no parameters, could be
  used to compromise the system.

- An attacker could only execute a file on the victim's
  local machine. The vulnerability could not be used to
  execute a program on a remote share or web site.

- The vulnerability would not provide any way for an
  attacker to put a program of his choice onto another
  user's system.

- An attacker would need to know the name and location
  of any executable on the system to successfully invoke it.

- Outlook 98 and 2000 (after installing the Outlook Email
  Security Update), Outlook 2002, and Outlook Express 6 all
  open HTML mail in the Restricted Sites Zone. As a result,
  customers using these products would not be at risk from
  email-borne attacks.

Risk Rating:
============
- Internet systems: Critical
- Intranet systems: Critical
- Client systems: Critical

Patch Availability:
===================
- A patch is available to fix this vulnerability. Please read the
  Security Bulletin at
  http://www.microsoft.com/technet/security/bulletin/ms02-015.asp
  for information on obtaining this patch.

Acknowledgment:
===============
- Andreas Sandblad, Sweden for reporting the Cookie-based Script
  Execution issue

----------------------------------------------------------------------

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED
"AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL
WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT
SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES
WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS
OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION
OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR
CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY
NOT APPLY.
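
A check a defender could run for the cookie-based script issue described in the bulletin above, added here as an example that is not part of Microsoft's bulletin: it scans cookie-file text for names or values that decode to HTML or script markup. The record layout (name, value, domain/path, further fields, then a `*` line), the sample data and all function names are assumptions for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample in the ASSUMED layout: name, value, domain/path,
# further numeric fields, then a "*" line closing each record.
SAMPLE = (
    "session\na1b2c3d4\nshop.example/\n1024\n0\n0\n0\n0\n*\n"
    "note\n%253Cscript%253Edocument.title%253C%2Fscript%253E\n"
    "untrusted.example/\n1024\n0\n0\n0\n0\n*\n"
)

MARKUP = re.compile(
    r"<\s*(script|object|iframe|embed)\b"   # active-content tags
    r"|<[^>]*\son\w+\s*="                   # inline event handlers inside a tag
    r"|javascript\s*:",                     # script URLs
    re.IGNORECASE,
)

def parse_records(text):
    """Yield (name, value, domain) per record; a record ends at a '*' line."""
    fields = []
    for line in text.splitlines():
        if line.strip() == "*":
            if len(fields) >= 3:            # skip truncated records
                yield fields[0], fields[1], fields[2]
            fields = []
        else:
            fields.append(line)

def decode(value, rounds=3):
    """Undo up to `rounds` layers of percent-encoding (values are often nested)."""
    for _ in range(rounds):
        nxt = unquote(value)
        if nxt == value:
            break
        value = nxt
    return value

def suspicious_cookies(text):
    """Return [(domain, name, matched_text)] for cookies carrying markup."""
    hits = []
    for name, value, domain in parse_records(text):
        m = MARKUP.search(decode(name)) or MARKUP.search(decode(value))
        if m:
            hits.append((domain, name, m.group(0)))
    return hits

if __name__ == "__main__":
    for hit in suspicious_cookies(SAMPLE):
        print(hit)
```

A hit is a lead for review, not proof of exploitation; installing the cumulative patch remains the fix the bulletin gives.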

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod