Reported August 22, 2002, by Microsoft.
VERSION AFFECTED
· Microsoft Internet Explorer 6.0
· Microsoft Internet Explorer 5.5
· Microsoft Internet Explorer 5.01
DESCRIPTION
Five new vulnerabilities exist in Microsoft’s Internet Explorer (IE), the most serious of which could allow a potential attacker to execute arbitrary code on the vulnerable system. These five newly discovered vulnerabilities are:
· A buffer overrun vulnerability affecting an ActiveX control used to display specially formatted text. The control contains a buffer overrun vulnerability that could enable a potential attacker to run code on the vulnerable system under the security context of the currently logged on user.
· A vulnerability involving how IE handles an HTML directive that displays XML data. This directive does not correctly check for the case where a referenced XML data source is in fact redirected to a data source in a different domain. This flaw could enable a potential attacker’s web page to open XML-based files residing on a remote system within a browser window that the site could read. This would enable the potential attacker to read contents from websites that users had access to but the attacker was not able to navigate to.
· A vulnerability involving how Internet Explorer represents the origin of a file in the “File Download” dialogue box. This flaw could enable a potential attacker to misrepresent the source of a file offered for download in an attempt to fool users into accepting a file download from an untrusted source, instead believing it to be coming from a trusted source.
· A Cross Domain verification vulnerability that occurs because of improper domain checking in conjunction with the Object tag. This vulnerability could enable a malicious web site operator to access data across different domains, such as one in a web site’s domain and the other on the vulnerable system’s local file system, and then pass information from the latter to the former. This could enable the potential attacker to read, but not change, any file on the vulnerable user’s local computer that could be viewed in a browser window.
· A newly reported variant of the "Cross-Site Scripting in Local HTML Resource" vulnerability originally discussed in Microsoft Security Bulletin MS02-023. This variant could enable a potential attacker to create a web page that when opened would run in the Local Computer zone security setting instead of the Internet Zone setting.
This is a cumulative patch that addresses all previous vulnerabilities as well as the buffer overrun vulnerability affecting the Gopher protocol handler reported in Microsoft Security Bulletin MS02-027.
VENDOR RESPONSE
The vendor, Microsoft, has released Security Bulletin MS02-047 to address these vulnerabilities and recommends that affected users download and apply the appropriate patch mentioned in the security bulletin.
CREDIT
Discovered by GreyMagic Software, Mark Litchfield of Next Generation Security Software Ltd. and Jouko Pynnonen of Oy Online Solutions Ltd.
