Date: 06 June 2007
Click here for printable version
Click here for PGP verifiable version
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2007.0381 -- [Win]
Microsoft Internet Explorer cross-domain vulnerability
6 June 2007
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Microsoft Internet Explorer 6 and 7
Publisher: US-CERT
Operating System: Windows
Impact: Access Privileged Data
Cross-site Scripting
Access: Remote/Unauthenticated
Original Bulletin:
http://www.kb.cert.org/vuls/id/471361
http://marc.info/?l=bugtraq&m=118097185402772&w=2
Comment: Note that this race vulnerability is reported also to allow
memory corruption, as per the original Bugtraq post linked above.
Whether this may allow an attacker to execute arbitrary code
has not yet been confirmed.
- --------------------------BEGIN INCLUDED TEXT--------------------
US-CERT Vulnerability Note VU#471361
Microsoft Internet Explorer cross-domain vulnerability
Overview
Microsoft Internet Explorer contains a race condition that results
in a cross-domain violation.
I. Description
Internet Explorer uses a cross-domain security model to maintain
separation between browser frames from different sources. This model
is designed to prevent code in one domain from accessing data in a
different domain. The Internet Security Manager Object determines
which zone or domain a URL exists in and what actions can be performed.
A race condition in Internet Explorer may allow an attacker to evade
the cross-domain security model. Note that Internet Explorer 6 and
Internet Explorer 7 are affected by this vulnerability.
II. Impact
A website in one domain has the ability to access information in
another domain. The website may also be able to execute scripts or
take other actions that are permitted in the other domain.
III. Solution
We are currently unaware of a practical solution to this problem.
Do not follow unsolicited links
In order to convince users to visit their sites, attackers often use
URL encoding, IP address variations, long URLs, intentional
misspellings, and other techniques to create misleading links. Use
caution when clicking on unsolicited links received in email, instant
messages, web forums, or internet relay chat (IRC) channels. Type
URLs directly into the browser to avoid these misleading links. While
these are generally good security practices, following these behaviors
will not prevent exploitation of this vulnerability in all cases.
Disable Javascript
Disabling Javascript may mitigate this vulnerability. Instructions
for disabling javascript can be found in the Securing Your Web Browser
document. http://www.cert.org/tech_tips/securing_browser/#Internet_Explorer
Systems Affected
Vendor Status Date Updated
Microsoft Corporation Vulnerable 5-Jun-2007
References
http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0026.html
http://msdn2.microsoft.com/en-us/library/ms537183.aspx
http://msdn2.microsoft.com/en-us/library/ms537186.aspx
http://www.cert.org/tech_tips/securing_browser/#Internet_Explorer
http://www.antiphishing.org/consumer_recs.html
Credit
This issue was reported by Michal Zalewski on the Full-Disclosure
mailing list.
This document was written by Ryan Giobbi.
Other Information
Date Public 06/04/2007
Date First Published 06/05/2007 09:24:29 AM
Date Last Updated 06/05/2007
CERT Advisory
CVE Name
Metric 0.00
Document Revision 12
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQCVAwUBRmXzgCh9+71yA2DNAQJmLwP/SskZ9E0yRdePVyS1LYXVj7qezsk66GN3
WLjHeN/RddwWB98FAOYaFND9W9NHOChHf0Up+RxqasBEwfWrdSwLaQOWCJemH8E0
LrZoLYa88KdHcDL9w9NWfRIyhi1ltewoXLI+MG/nQBi3zZfTyGyxS9pjIw2ZVqwr
R/NWsUvNxok=
=mr4X
-----END PGP SIGNATURE-----
|