Serious Unpatched IE Bug: Allows Remote Code Execution

     
1:52 pm on Nov 22, 2005 (gmt 0)

Junior Member

10+ Year Member

joined:Feb 11, 2005
posts:116
votes: 0


"This document serves as a reclassification advisory for the Microsoft Internet Explorer JavaScript Window() DoS vulnerability, originally reported on 31/05/2005.

Contrary to popular beliefs, the aforementioned security issue is susceptible to remote, arbitrary code execution, yielding full system access with the privileges of the underlying user."

Read about it on the site of computerterrorism. An exploit known on 31/05 and still nothing done about it. And now Microsoft is mad at them for publishing this bug?

2:04 pm on Nov 22, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Feb 21, 2003
posts:2355
votes: 0


[secunia.com...]

That advisory hasn't been updated, but the same DOS can be replicated with Firefox 1.0.7 on Debian Linux, so it's bigger than MS or IE.

2:08 pm on Nov 22, 2005 (gmt 0)

Junior Member

10+ Year Member

joined:Feb 11, 2005
posts:116
votes: 0


Firefox 1.5beta is reported to crash. So FF users should be safe if they update.

edit: and on Linux not just any code or program can be run for normal users

2:33 pm on Nov 22, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Feb 21, 2003
posts:2355
votes: 0


Folks can try the Proof of Concept here:

[computerterrorism.com...]

Windows XP, Firefox 1.0.7 - 100% CPU usage from first link.

2:52 pm on Nov 22, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member kaled is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 2, 2003
posts:3710
votes: 0


Just tried FF 1.04 (XP) and FF simply locked up.

Kaled.

2:55 pm on Nov 22, 2005 (gmt 0)

Junior Member

10+ Year Member

joined:Feb 11, 2005
posts:116
votes: 0


Same for my 1.5 beta. Had to terminate it.

3:51 pm on Nov 22, 2005 (gmt 0)

Senior Member from CA 

WebmasterWorld Senior Member encyclo is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Aug 31, 2003
posts:9068
votes: 4


It may crash browsers such as Firefox (it is a JavaScript exploit) but does it allow remote code execution like with IE? If it is just a crash, then the problem is much less serious in Firefox and other browsers. Same goes for Linux - does the exploit allow code execution on platforms other than Windows?

Note that it appears that there are exploits available for IE and there is no patch at the moment - the only protection is to disable Javascript completely.

I've only got IE6 at work so I won't try it ;)

4:35 pm on Nov 22, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member kaled is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 2, 2003
posts:3710
votes: 0


When I tested it, Calc.exe did not open; therefore, in the absence of information to the contrary, I think Firefox is safe.

Without looking at the code, I imagine it is some sort of array-bound hack that is likely to be browser-specific and fairly easy to fix (unless your name is Microsoft).

Kaled.

4:38 pm on Nov 22, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Feb 21, 2003
posts:2355
votes: 0


Calc.exe doesn't open for me on Win XP SP2 with IE either, it just closes the browser with the "Send this error to MS?" popup - so there must be specific configuration variables that are prerequisites here.

8:27 pm on Nov 22, 2005 (gmt 0)

Senior Member from CA 

WebmasterWorld Senior Member encyclo is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Aug 31, 2003
posts:9068
votes: 4


If I understand the issue correctly, the bug can be exploited to allow remote code execution when visiting a page with IE6 (maybe not with SP2?). The JavaScript can crash Firefox (the denial of service also affects non-Windows OSs) but does not allow remote code execution. Opera is apparently unaffected, I don't know for Safari or Konqueror.

8:49 pm on Nov 22, 2005 (gmt 0)

Administrator

WebmasterWorld Administrator rogerd is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Aug 2, 2000
posts:9686
votes: 0


From what I can see, SP2 doesn't correct the problem. MS has said they'll address the issue as part of their critical update process.

[news.zdnet.com...]

People who want to turn off IE active scripting as a preventative measure might find this useful: How to stop 'Active Scripting' [blogs.zdnet.com]. This will break some sites, although if you need to access the scripting they can be added to the Trusted list.
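
The mitigation mentioned in the post above, as an added example that is not part of the original thread: a PowerShell audit of the Active Scripting setting (URL action `1400`) in each Internet Explorer security zone. The registry paths and value meanings are Microsoft's documented zone settings; the lookup order (policy keys before the per-user preference) is a simplifying assumption, and the function name is hypothetical.

```powershell
# Added example: report whether Active Scripting (URL action 1400) is enabled
# in each IE security zone. Value meanings: 0 = enabled, 1 = prompt, 3 = disabled.
$zoneNames = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'
                3 = 'Internet';    4 = 'Restricted sites' }
$states    = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }

# Assumption: the first location that holds a value is the one reported.
$roots = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
)

function Get-ActiveScriptingState {   # hypothetical helper name
    foreach ($zone in 0..4) {
        $value = $null; $source = $null
        foreach ($root in $roots) {
            $item = Get-ItemProperty -Path "$root\$zone" -Name '1400' -ErrorAction SilentlyContinue
            if ($null -ne $item) { $value = $item.'1400'; $source = $root; break }
        }
        [pscustomobject]@{
            Zone   = $zoneNames[$zone]
            State  = if ($null -eq $value) { 'Not set' }
                     elseif ($states.ContainsKey([int]$value)) { $states[[int]$value] }
                     else { "Unknown ($value)" }
            Source = $source
        }
    }
}

$report = Get-ActiveScriptingState
$report | Format-Table -AutoSize

# Flag the Internet zone if scripting is not switched off there.
$internet = $report | Where-Object { $_.Zone -eq 'Internet' }
if ($internet.State -ne 'Disabled') {
    Write-Warning "Active Scripting is '$($internet.State)' in the Internet zone."
}

# To disable it for the current user (sites that need scripting can then be
# added to Trusted sites, as the post notes), uncomment:
# Set-ItemProperty -Path "$($roots[2])\3" -Name '1400' -Value 3 -Type DWord
```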

10:00 pm on Nov 22, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Sept 22, 2002
posts:1749
votes: 0


On my XP Pro with SP2:
* IE 6 : launches calc.exe, crashes IE
* FF 1.0.7: huge prompt, CPU runs at 100%
* Opera 8.5: no problems ;)

1:39 am on Nov 23, 2005 (gmt 0)

Senior Member from CA 

WebmasterWorld Senior Member encyclo is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Aug 31, 2003
posts:9068
votes: 4


I tried the exploit page with Konqueror 3.4.1 and nothing untoward happened at all - no lock up or even slowdown. I guess that means Konqueror is safe. :)

1:44 am on Nov 23, 2005 (gmt 0)

Preferred Member

10+ Year Member

joined:June 16, 2003
posts:633
votes: 0


Didn't have any problems with Opera.

4:28 pm on Nov 23, 2005 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Feb 24, 2005
posts:965
votes: 0


IE: 6.0.2900.2180.xpsp_sp2_gdr.500301-1519

Nothing major happens. CPU usage fine, Javascript popup appears, but no calc.exe

FireFox 1.07 100%

CPU usage goes up to 100%; Firefox becomes unusable (has to be restarted)

6:29 pm on Nov 23, 2005 (gmt 0)

Preferred Member

10+ Year Member

joined:May 20, 2003
posts:493
votes: 0


Same IE as mrMister, but I do have calc.exe open. (Win XP)

FF goes up to 50% CPU for me and becomes unusable.

Jennifer