Here's another IE hole

Discussion in 'OT Technology' started by Astro, Jan 28, 2004.

  1. Astro

    Astro Code Monkey

    Joined:
    Mar 18, 2000
    Messages:
    2,047
    Likes Received:
    0
    Location:
    Cleveland Ohio
    http://www.infoworld.com/article/04/01/28/HNiehole_1.html

    "Guninski informed Microsoft in April 2001. The fact that the issue has been born afresh suggests rather heavily that the software giant has no way of preventing this from happening."

    "The possibilities are endless, and since both spoof issues appear to be unfixable, it must surely place a big question mark over Explorer’s viability as a browser."

    For folks keeping count, it's been 3 years since this has been presented to Microsoft. I'm now really curious as to how easy it might be to take advantage of this "functionality/feature"...
     
  2. Astro

    Astro Code Monkey

    Joined:
    Mar 18, 2000
    Messages:
    2,047
    Likes Received:
    0
    Location:
    Cleveland Ohio
    As a reader says on slashdot.org:

    "This appears to use the MS CLSID as the target. To find the CLSID for any file type, simply look in the windows registry in HKEY_CLASSES_ROOT. If you attach the CLSID to the end of the filename, windows will hide this from you completely. Thus, if you request a file iloveyou.vbs.txt.{5e941d80-bf96-11cd-b579-08002b30bfeb} - it will show up as a text file. Other holes would allow the web site to hide the .exe, vbs, etc part of the file name. In the past, the workaround for this was the big IE warning that you were downloading a harmful file... however this is now undermined."
     
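As an added illustration of the naming trick quoted above (example code written for this page, not from the thread or from Microsoft): a small checker that, given a download's filename, separates any trailing `{CLSID}` segment from the part Explorer would display and reports which executable extensions are being masked. The CLSID pattern and the list of executable extensions are my assumptions, and the sample names are constructed.

```python
import re

# Assumed shape of a CLSID suffix as described in the thread: ".{8-4-4-4-12 hex}" at the end of the name.
CLSID_SUFFIX_RE = re.compile(
    r"\.\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}$",
    re.IGNORECASE,
)

# Illustrative subset of extensions Windows hands straight to a script/program host (assumption).
EXECUTABLE_EXTS = {"exe", "com", "scr", "pif", "bat", "cmd", "vbs", "vbe", "js", "jse", "wsf", "hta"}


def analyze_filename(name: str) -> dict:
    """Split a filename into what Explorer shows and what it really carries."""
    match = CLSID_SUFFIX_RE.search(name)
    # The CLSID segment itself, without the leading dot, or None if absent.
    clsid = match.group(0)[1:] if match else None
    # Explorer hides the CLSID segment, so this is the name the user would see.
    displayed = name[: match.start()] if match else name
    parts = displayed.split(".")
    exts = [p.lower() for p in parts[1:]] if len(parts) > 1 else []
    # Executable extensions that are NOT the last visible one are being masked by a harmless-looking tail.
    masked = [e for e in exts[:-1] if e in EXECUTABLE_EXTS]
    return {
        "displayed_name": displayed,
        "clsid_suffix": clsid,
        "extensions": exts,
        "masked_executable_extensions": masked,
        # Either trick alone is enough to misrepresent the file type to the user.
        "disguised": clsid is not None or bool(masked),
    }


def flag_downloads(names):
    """Return the subset of filenames whose displayed type misrepresents their content."""
    return [n for n in names if analyze_filename(n)["disguised"]]


if __name__ == "__main__":
    # Constructed sample download names (the first is the one quoted in the thread).
    samples = [
        "iloveyou.vbs.txt.{5e941d80-bf96-11cd-b579-08002b30bfeb}",
        "quarterly_report.txt",
        "invoice.exe.pdf",
        "setup.exe",
    ]
    for n in flag_downloads(samples):
        print(n, "->", analyze_filename(n))
```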
  3. SLED

    SLED build an idiot proof device and someone else will

    Joined:
    Sep 20, 2001
    Messages:
    28,118
    Likes Received:
    0
    Location:
    AZ, like a bauce!
    wonderful :rolleyes:

    looks like I'll be using mozilla a little bit more
     
  4. MP

    MP New Member

    Joined:
    Sep 10, 2002
    Messages:
    34,377
    Likes Received:
    0
    Location:
    Silicon Valley
    the only time I use IE is when I have to do windows update.

    I wonder how soon till the mozilla team can figure that one out ;)
     
  5. Aimless

    Aimless Resident drunkey

    Joined:
    Nov 5, 2001
    Messages:
    2,534
    Likes Received:
    0
    Location:
    Wisconsin
    I've read up on this, and while I've been using Firebird for at least 6 months, I'm saddened to have to use IE on my laptop for a class involving servlets and .jsp :(
     
  6. CompiledMonkey

    CompiledMonkey New Member

    Joined:
    Oct 26, 2001
    Messages:
    8,528
    Likes Received:
    0
    Location:
    Richmond, VA
    It could be devastating if you don't have a clue about what you are doing. You never should just open a file after download. Scan everything you download. Also, you should only download items from places you trust. Those two actions alone will keep you safe.

    Sure, IE has bugs, but using common sense shields you from most viruses, bugs, etc. It just seems like another window that Linux/Mozilla people are going to jump all over to bash Microsoft.
     
  7. SLED

    SLED build an idiot proof device and someone else will

    Joined:
    Sep 20, 2001
    Messages:
    28,118
    Likes Received:
    0
    Location:
    AZ, like a bauce!
    The reality with this exploit is that it may not even prompt you for a file download. If an exploiter were to use the CLSID, IE would see it as a trusted file and execute the associated program. That's how I understood it.
     
  8. CompiledMonkey

    CompiledMonkey New Member

    Joined:
    Oct 26, 2001
    Messages:
    8,528
    Likes Received:
    0
    Location:
    Richmond, VA
    So IE wouldn't ask if you want to download a file, it just goes to a page and downloads whatever is there?
     
  9. Mugatu

    Mugatu Ask me about market research. OT Supporter

    Joined:
    Oct 21, 2001
    Messages:
    245,192
    Likes Received:
    0
    :(

    This is why I H8 monopolies - IE was awesome when it was nothing but competition to Netscape but as soon as it killed it, the development stopped completely.
     
  10. SLED

    SLED build an idiot proof device and someone else will

    Joined:
    Sep 20, 2001
    Messages:
    28,118
    Likes Received:
    0
    Location:
    AZ, like a bauce!
    yup, just like when you open a PDF and it automatically opens Acrobat... same deal, but if an exploiter were to attach the CLSID on the end of a content-type it sounds like it would do the same thing, but without having all the mime associations in your registry.
     
  11. col_panic

    col_panic calm like a bomb Moderator

    Joined:
    Sep 19, 2003
    Messages:
    188,160
    Likes Received:
    0
    Location:
    winter haven, fl
    once again thor larholm shows us what is going on behind the scenes. here is a post he made to bugtraq a few days ago ...

     
  12. CompiledMonkey

    CompiledMonkey New Member

    Joined:
    Oct 26, 2001
    Messages:
    8,528
    Likes Received:
    0
    Location:
    Richmond, VA
    That is the worst code error I've ever heard of. Kinda sad...
     
  13. Mugatu

    Mugatu Ask me about market research. OT Supporter

    Joined:
    Oct 21, 2001
    Messages:
    245,192
    Likes Received:
    0
    :bowdown:

    that guy sounds smart - that stuff should be way over my head but even I could follow what he was saying :cool:
     
  14. SLED

    SLED build an idiot proof device and someone else will

    Joined:
    Sep 20, 2001
    Messages:
    28,118
    Likes Received:
    0
    Location:
    AZ, like a bauce!
    ya, he explains the whole MIME implementation in explorer which helps.

    This is only a problem with IE because other browsers handle their own mime types, and know a bit about security ;)
     
