
HTML Forum

    
New Internet Explorer Highly Critical Security Flaw
createTextRange() Code Execution applied on a radio button control
outrun




msg:566502
 10:08 pm on Mar 22, 2006 (gmt 0)

The vulnerability is caused due to an error in the processing of the "createTextRange()" method call applied on a radio button control. This can be exploited by e.g. a malicious web site to corrupt memory in a way, which allows the program flow to be redirected to the heap.

Successful exploitation allows execution of arbitrary code.

Internet Explorer Beta 2 Preview is also affected.

[secunia.com...]

 

mack




msg:566503
 9:48 am on Mar 23, 2006 (gmt 0)

Some things never change :)

Mack.

barns101




msg:566504
 10:01 am on Mar 23, 2006 (gmt 0)

And M$ said that IE7 was built with improved security in mind :o

Dijkgraaf




msg:566505
 10:31 am on Mar 23, 2006 (gmt 0)

Well they said improved security, not perfect :-)
I don't think they will ever get security 100%.

Windows is just an inherently insecure operating system, and hence anything running on it will also be insecure. They would have to start from scratch to build an operating system that is totally secure.

mack




msg:566506
 10:37 am on Mar 23, 2006 (gmt 0)

There is no such thing as 100% secure. The low life who exploit these vulnerabilities are targeting you and I. Perhaps it's time to point the finger elsewhere. :)

Mack.

davidpbrown




msg:566507
 10:55 am on Mar 23, 2006 (gmt 0)

> There is no such thing as 100% secure.

Yet again the solution suggested "Disable Active Scripting support".

I'm not an expert but my impression is this is a perpetual symptom of IE and Windows binding. I can't see that integrated 'features' are ever going to be more secure than objects that are designed to be distinct.. which I take to be the approach of others.

Or am I confused?

afterburner




msg:566508
 11:12 am on Mar 23, 2006 (gmt 0)

here we go IE, get it right before you release it

lajkonik86




msg:566509
 11:44 am on Mar 23, 2006 (gmt 0)

Not really that interested personally in their new browser anyhow. I'm just too attached to my firefox extension toys.
From a professional perspective I am, of course. New coding fun. :) The new max width should prove interesting. Still have to think about the old ones though :(

kaled




msg:566510
 12:07 pm on Mar 23, 2006 (gmt 0)

Speaking as a programmer, I find all these code execution vulnerabilities baffling.

On any half-decent, tidyish code such things should be a complete impossibility. What sort of ghastly mess does Microsoft actually produce?

When Windows 95 was released, they made a big deal of it being object orientated. Of course, this was 95% untrue with only some new stuff being implemented using so-called interfaces which don't support object inheritance. However, if MS used objects properly in applications such as IE to ensure that all memory allocations were handled properly, none of these problems would exist at all.

It's absolutely amazing that MS can get away with writing this rubbish. The best thing they can do is ditch all their own development tools and use Borland stuff instead. They might then produce some proper code.

Kaled.

bhonda




msg:566511
 12:26 pm on Mar 23, 2006 (gmt 0)

Hey - I take offense at that - we've got an entire Microsoft developing environment here and we make perfect code!

Hehe.

Seriously though, I don't really see their development tools as being the cause of their problems, I am by no means an expert, but I'm just guessing that a lot of MS stuff is bloated, and I think a piece of software can only get so complex before problems arise. I agree with the post before, it would be great if MS took a step back and created a new OS from scratch, using everything they've learnt, it might actually be something we could be confident about! They need a clean slate to work on, then I think 'flaws' in security would be reduced dramatically.

B

webdoctor




msg:566512
 12:28 pm on Mar 23, 2006 (gmt 0)

> On any half-decent, tidyish code such things should be a complete impossibility.

Those who have downloaded a copy of the leaked Windows 2000 source code can testify to its quality (or lack of quality).

It's pretty amazing stuff...

...allegedly :-)

Edge




msg:566513
 1:13 pm on Mar 23, 2006 (gmt 0)

I'm not a MS fan, however I recognize that any complex engineered product will have flaws of some sort, if a human created it. Ultimately, a robust testing / quality verification process is what ensures a stable and viable product. The engineering process in modern companies can leave a lot to be desired, aggressive schedules, overworked engineers, vague specifications, poor communication are just some of the typical challenges in an engineering culture.

zafile




msg:566514
 1:27 pm on Mar 23, 2006 (gmt 0)

How soon programmers forget their own X origins...

Here is this document so you remember where you come from:

[alw.nih.gov...]

dudibob




msg:566515
 1:54 pm on Mar 23, 2006 (gmt 0)

No matter how secure you make something, someone will always be able to break it.

MS annoy me, but because they dominate the OS market, they get targeted more IMO

kaled




msg:566516
 2:52 pm on Mar 23, 2006 (gmt 0)

> we've got an entire Microsoft developing environment here and we make perfect code!

It's possible to write perfect code in assembler - it's just more difficult.

It's offtopic but...
I firmly believe that much of the problem lies in the ugly nature of the C language. Pascal is a clean language (just not really a complete one). An ugly language leads to ugly code, and a clean language leads to, well, less ugly code anyway.

Kaled.

Kufu




msg:566517
 4:18 pm on Mar 23, 2006 (gmt 0)

Yawn...nothing unusual here.

Personally, I don't have a problem with IE. Every piece of software is going to have bugs, but MS should stop touting the superiority of their software and its security when they constantly release buggy work. I'm sure if as many people used FF, there would be issues (on the same level as IE) found with it too, I just don't want to hear "Our software is great!" and then a week later someone finds that if you click the reload button your OS gets wiped out.

bedlam




msg:566518
 5:21 pm on Mar 23, 2006 (gmt 0)

> I'm sure if as many people used FF, there would be issues (on the same level as IE) found with it too

Not necessarily [wired.com].

-b

tedster




msg:566519
 5:32 pm on Mar 23, 2006 (gmt 0)

The security problems, as I see it, stem from Microsoft's successful pursuit of the corporate market. All kinds of fancy doo-dads can be used in a controlled intranet environment, and the staff can hook together all kinds of office (Office) functionality. This is the "browser as an application platform" idea. More than a browser, you know.

But when that same fancied-up browser gets used by the general public for traveling in the wildest jungles of the public web, then all that complexity inevitably exposes loopholes.

> Ultimately, a robust testing / quality verification process is what ensures a stable and viable product.

I think the complexity of IE can only be tested by the general public -- it takes that big a "team". And we're doing it, aren't we?

[edited by: tedster at 7:19 am (utc) on Mar. 24, 2006]

amygrech




msg:566520
 6:08 pm on Mar 23, 2006 (gmt 0)

That's why I swear by Firefox!

Amy

Kufu




msg:566521
 7:34 pm on Mar 23, 2006 (gmt 0)

> That's why I swear by Firefox!

And I generally end up swearing at IE, mostly for how it handles CSS. :)

hutcheson




msg:566522
 2:23 am on Mar 24, 2006 (gmt 0)

>I firmly believe that much of the problem lies in the ugly nature of the C language.

Dr. Knuth emphasises that "there never has been, nor will there ever be, any language in which it is the least bit difficult to write bad code."

C is, admittedly, a language for people who actually enjoy assembly language: for such, there is nothing comparable. (And, of course, anything that can be written badly in assembler can be written equally badly but much faster in C.)

Pascal is great for single-page-sized problems, but it forces larger programs into a straitjacket that simply doesn't fit any kind of sophisticated software development techniques. (Dr. Wirth knew that perfectly well, which is why HIS own programming was in a different language also of his own design.)

Dijkgraaf




msg:566523
 3:16 am on Mar 24, 2006 (gmt 0)

An exploit for this is already out in the wild according to the Internet Storm Center [isc.sans.org].

2by4




msg:566524
 5:36 am on Mar 24, 2006 (gmt 0)

tedster has this one right, many of the 'security issues' of ie are actually direct outcomes of ms trying to lock in the corporate market by making everything 'easy to do'. For those not into security, that generally translates directly to 'insecure'.

Mack:

> Windows is just an inherently insecure operating system, and hence anything running on it will also be insecure. They would have to start from scratch to build an operating system that is totally secure.

This is a fairly accurate statement. It's almost impossible to run windows in a standard secure user mode, I tried it with clients and we had to give up. Why? Because MS outlook would not run correctly for us in user or power user mode. Among several other show stoppers. In other words, ms applications would not let us run in secure mode.

IIS, MSIE, Outlook, Outlook Express, have been insecure by design since they were released. Every time this issue comes up, someone always has to repeat the ms spin and fud about market share being the cause. I'm sure this makes the MS pr people happy, since they can show ms that they are getting some return on their pr investments.

The cause is active x linking directly into the operating system. Firefox, Opera, Konqueror etc, do not have this direct link. And they are, while not perfect, radically safer than IE out of the box.

Don't be fooled by the hype, spyware uses active x almost exclusively to install itself. Currently, despite the recent os x proof of concept exploits, which, it should be noted, were never found in the wilds, there has been no os x virus.

I don't run antivirus on my linux desktop, although I do follow good security practices that I learned from years of using windows.

Both os x and linux systems, except for a few badly designed consumer products like linspire, are secure out of the box. I ran nmap against my out of the box installation of debian and it reported only 3 closed ports. With a good firewall everything is shut down except for only the specific applications that have permission to talk to the web. XP allows all outbound traffic on their joke of a built in firewall.

MS cannot create a secure os because that would compromise the 'user friendliness' they sell their systems with.

Microsoft could quite easily have made their systems actually be reasonably secure, but they chose not to. They can't rock the corporate market boat too much, they can't mess with badly written applications that must run insecurely, it's inertia, they built their bed, and now they have to lie in it. That's the price you pay for the near insane desire to create a monopoly desktop os. Luckily they failed on the server front.

As a side note: no friend who I have converted to firefox and thunderbird in windows xp has had any significant spyware or virus problem. The only times problems have arisen is when visitors come, and without asking, use hotmail on msie, and of course instantly install the latest virus on the box. If you do not allow any ms product to interact with the internet you can actually use xp or 2000 fairly safely, without much problem, for years. But you can't let anyone use that deadly blue e to connect to the web.

MS will never create a secure msie because it is the corporate market that most uses the active x garbage, normal sites are dumping it left and right as they realize that they lose the best educated part of the computer market by creating an msie only site.

Despite the learning curve of switching to a more powerful system like linux, I find that I don't miss a single thing about windows, zero. It's a con as far as I'm concerned.

wildbest




msg:566525
 5:53 am on Mar 24, 2006 (gmt 0)

> ...Luckily they failed on the server front.

I don't think so!

amznVibe




msg:566526
 5:57 am on Mar 24, 2006 (gmt 0)

I wonder if this issue is the same or different from this one from last week?
[lists.grok.org.uk...]
This one has nothing to do with creating a text range.
So that would be two or even three critical issues this month!
Patch Tuesday is weeks away...

2by4




msg:566527
 6:24 am on Mar 24, 2006 (gmt 0)

wildbest, ms currently has I think something like 25% of the web server market. Last I checked they were gradually losing market share on webservers. For good reason. They are gaining on unix slowly on other servers, but it's harder to tell with linux. Of course, even the windows server numbers tend to seriously misrepresent the facts, since windows servers tend to do single tasks, so they'll sell more to do the same work. As anyone knows who's compared an IIS windows box to a *nix apache box.

MS actually thought they could replace unix by simply releasing a bad nt4 system, then a buggy nt5, and a finally somewhat ok nt 5.2, aka 2003. It's been a joy to watch them fail to get major market share on the web, especially since I've suffered with IIS and that junk, it deserved to flounder, it's corporate junk.

However, the only way anyone can pretend that ms releases secure products, or has any idea about security, would be for them to successfully ignore ALL of the last 10 years of history, up to this last issue. Then you can happily believe the marketing hype ms releases. Personally, since I've watched it for years, I believe what I see. Facts that is. OS X, which I personally hate, has had zero viruses. it's much more secure, by design. All unix systems are also more secure, by design. That's life. It's the reason ms has not been able to fix the issues, windows is insecure by design, though server 2003 was the first sort of ok release they've had. But why let someone with this bad a track record say a word about security? Weird.

kaled




msg:566528
 11:41 am on Mar 24, 2006 (gmt 0)

Offtopic... sorry.

hutcheson said
> Pascal is great for single-page-sized problems, but it forces larger programs into a straitjacket that simply doesn't fit any kind of sophisticated software development techniques.

You've never used Delphi have you.

The basic architecture of Borland Pascal is very good indeed and it produces code every bit as tight as C (if you know how). There are only two problems
1) Too many people use C so it's often necessary to translate example code rather than cut and paste it.
2) There are still things missing - but nothing that could not be added quite easily.

Incidentally, straitjackets aren't a bad thing when you have teams of programmers working on a single project. Provided that a given problem can be solved (simply and efficiently) it's best to use the same solution every single time. The flexibility of C means that different programmers often write very different code and can find each others' code difficult to understand and modify and that can lead to big problems.

Kaled.

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved