Serious Unpatched IE Bug: Allows Remote Code Execution
koen




msg:609749
 1:52 pm on Nov 22, 2005 (gmt 0)

"This document serves as a reclassification advisory for the Microsoft Internet Explorer JavaScript Window() DoS vulnerability, originally reported on 31/05/2005.

Contrary to popular beliefs, the aforementioned security issue is susceptible to remote, arbitrary code execution, yielding full system access with the privileges of the underlying user."

Read about it on the site of computerterrorism. An exploit known on 31/05 and still nothing done about it. And now Microsoft is mad at them for publishing this bug?

 

bcolflesh




msg:609750
 2:04 pm on Nov 22, 2005 (gmt 0)

[secunia.com...]

That advisory hasn't been updated, but the same DOS can be replicated with Firefox 1.0.7 on Debian Linux, so it's bigger than MS or IE.

koen




msg:609751
 2:08 pm on Nov 22, 2005 (gmt 0)

Firefox 1.5beta is reported to crash. So FF users should be safe if they update.

edit: and on Linux not just any code or program can be run for normal users

bcolflesh




msg:609752
 2:33 pm on Nov 22, 2005 (gmt 0)

Folks can try the Proof of Concept here:

[computerterrorism.com...]

Windows XP, Firefox 1.0.7 - 100% CPU usage from first link.

kaled




msg:609753
 2:52 pm on Nov 22, 2005 (gmt 0)

Just tried FF 1.04 (XP) and FF simply locked up.

Kaled.

koen




msg:609754
 2:55 pm on Nov 22, 2005 (gmt 0)

Same for my 1.5 beta. Had to terminate it.

encyclo




msg:609755
 3:51 pm on Nov 22, 2005 (gmt 0)

It may crash browsers such as Firefox (it is a JavaScript exploit) but does it allow remote code execution like with IE? If it is just a crash, then the problem is much less serious in Firefox and other browsers. Same goes for Linux - does the exploit allow code execution on platforms other than Windows?

Note that it appears that there are exploits available for IE and there is no patch at the moment - the only protection is to disable Javascript completely.

I've only got IE6 at work so I won't try it ;)

kaled




msg:609756
 4:35 pm on Nov 22, 2005 (gmt 0)

When I tested it, Calc.exe did not open; therefore, in the absence of information to the contrary, I think Firefox is safe.

Without looking at the code, I imagine it is some sort of array-bound hack that is likely to be browser-specific and fairly easy to fix (unless your name is Microsoft).

Kaled.

bcolflesh




msg:609757
 4:38 pm on Nov 22, 2005 (gmt 0)

Calc.exe doesn't open for me on Win XP SP2 with IE either, it just closes the browser with the "Send this error to MS?" popup - so there must be specific configuration variables that are prerequisites here.

encyclo




msg:609758
 8:27 pm on Nov 22, 2005 (gmt 0)

If I understand the issue correctly, the bug can be exploited to allow remote code execution when visiting a page with IE6 (maybe not with SP2?). The JavaScript can crash Firefox (the denial of service also affects non-Windows OSs) but does not allow remote code execution. Opera is apparently unaffected; I don't know about Safari or Konqueror.

rogerd




msg:609759
 8:49 pm on Nov 22, 2005 (gmt 0)

From what I can see, SP2 doesn't correct the problem. MS has said they'll address the issue as part of their critical update process.

[news.zdnet.com...]

People who want to turn off IE active scripting as a preventative measure might find this useful: How to stop 'Active Scripting' [blogs.zdnet.com]. This will break some sites, although if you need to access the scripting they can be added to the Trusted list.
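
The workaround mentioned in the post above, as an added example that is not part of the original thread: a script that disables Active Scripting for the Internet zone, leaves it enabled for Trusted sites, and reports the resulting per-zone setting. It assumes the standard per-user IE zone registry layout (zone 2 = Trusted sites, zone 3 = Internet; URL action `1400` = Active scripting, with 0 = enable, 1 = prompt, 3 = disable); the function names are hypothetical.

```powershell
# Added example: audit and set the IE "Active scripting" URL action (1400)
# per security zone for the current user. Function names are illustrative.
$ZonesRoot       = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$ActiveScripting = '1400'
$ZoneNames   = @{ 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }
$PolicyNames = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }

function Get-ActiveScriptingPolicy {
    # Report the current setting for each zone; a missing value means the
    # zone's built-in default applies.
    foreach ($zone in 1..4) {
        $item  = Get-ItemProperty -Path "$ZonesRoot\$zone" -Name $ActiveScripting -ErrorAction SilentlyContinue
        $value = if ($item) { $item.$ActiveScripting } else { $null }
        [pscustomobject]@{
            Zone    = $ZoneNames[$zone]
            Value   = $value
            Setting = if ($null -eq $value) { 'Not set (default applies)' } else { $PolicyNames[[int]$value] }
        }
    }
}

function Set-ActiveScriptingPolicy {
    param(
        [ValidateRange(1, 4)][int]$Zone,
        [ValidateSet(0, 1, 3)][int]$Value
    )
    $path = "$ZonesRoot\$Zone"
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    Set-ItemProperty -Path $path -Name $ActiveScripting -Value $Value -Type DWord
}

# Disable scripting for arbitrary Internet sites, keep it for Trusted sites,
# then show what is now in effect for this user.
Set-ActiveScriptingPolicy -Zone 3 -Value 3
Set-ActiveScriptingPolicy -Zone 2 -Value 0
Get-ActiveScriptingPolicy | Format-Table -AutoSize
```

Settings pushed by Group Policy take precedence over these per-user values, so on managed machines check the policy configuration as well.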

RonPK




msg:609760
 10:00 pm on Nov 22, 2005 (gmt 0)

On my XP Pro with SP2:
* IE 6 : launches calc.exe, crashes IE
* FF 1.0.7: huge prompt, CPU runs at 100%
* Opera 8.5: no problems ;)

encyclo




msg:609761
 1:39 am on Nov 23, 2005 (gmt 0)

I tried the exploit page with Konqueror 3.4.1 and nothing untoward happened at all - no lock up or even slowdown. I guess that means Konqueror is safe. :)

panic




msg:609762
 1:44 am on Nov 23, 2005 (gmt 0)

Didn't have any problems with Opera

mrMister




msg:609763
 4:28 pm on Nov 23, 2005 (gmt 0)

IE: 6.0.2900.2180.xpsp_sp2_gdr.500301-1519

Nothing major happens. CPU usage fine, Javascript popup appears, but no calc.exe

FireFox 1.07 100%

CPU usage goes up to 100%. Firefox becomes unusable (has to be restarted).

RammsteinNicCage




msg:609764
 6:29 pm on Nov 23, 2005 (gmt 0)

Same IE as mrMister, but I do have calc.exe open. (Win XP)

FF goes up to 50% CPU for me and becomes unusable.

Jennifer
