Serious Unpatched IE Bug: Allows Remote Code Execution

   
1:52 pm on Nov 22, 2005 (gmt 0)

10+ Year Member



"This document serves as a reclassification advisory for the Microsoft Internet Explorer JavaScript Window() DoS vulnerability, originally reported on 31/05/2005.

Contrary to popular beliefs, the aforementioned security issue is susceptible to remote, arbitrary code execution, yielding full system access with the privileges of the underlying user."

Read about it on the site of computerterrorism. An exploit known on 31/05 and still nothing done about it. And now Microsoft is mad at them for publishing this bug?

2:04 pm on Nov 22, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



[secunia.com...]

That advisory hasn't been updated, but the same DoS can be replicated with Firefox 1.0.7 on Debian Linux, so it's bigger than MS or IE.

2:08 pm on Nov 22, 2005 (gmt 0)

10+ Year Member



Firefox 1.5beta is reported to crash. So FF users should be safe if they update.

Edit: and on Linux not just any code or program can be run for normal users.

2:33 pm on Nov 22, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Folks can try the Proof of Concept here:

[computerterrorism.com...]

Windows XP, Firefox 1.0.7 - 100% CPU usage from first link.

2:52 pm on Nov 22, 2005 (gmt 0)

WebmasterWorld Senior Member kaled is a WebmasterWorld Top Contributor of All Time 10+ Year Member



Just tried FF 1.04 (XP) and FF simply locked up.

Kaled.

2:55 pm on Nov 22, 2005 (gmt 0)

10+ Year Member



Same for my 1.5 beta. Had to terminate it.

3:51 pm on Nov 22, 2005 (gmt 0)

WebmasterWorld Senior Member encyclo is a WebmasterWorld Top Contributor of All Time 10+ Year Member



It may crash browsers such as Firefox (it is a JavaScript exploit) but does it allow remote code execution like with IE? If it is just a crash, then the problem is much less serious in Firefox and other browsers. Same goes for Linux - does the exploit allow code execution on platforms other than Windows?

Note that it appears that there are exploits available for IE and there is no patch at the moment - the only protection is to disable Javascript completely.

I've only got IE6 at work so I won't try it ;)

4:35 pm on Nov 22, 2005 (gmt 0)

WebmasterWorld Senior Member kaled is a WebmasterWorld Top Contributor of All Time 10+ Year Member



When I tested it, Calc.exe did not open; therefore, in the absence of information to the contrary, I think Firefox is safe.

Without looking at the code, I imagine it is some sort of array-bound hack that is likely to be browser-specific and fairly easy to fix (unless your name is Microsoft).

Kaled.

4:38 pm on Nov 22, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Calc.exe doesn't open for me on Win XP SP2 with IE either, it just closes the browser with the "Send this error to MS?" popup - so there must be specific configuration variables that are prerequisites here.

8:27 pm on Nov 22, 2005 (gmt 0)

WebmasterWorld Senior Member encyclo is a WebmasterWorld Top Contributor of All Time 10+ Year Member



If I understand the issue correctly, the bug can be exploited to allow remote code execution when visiting a page with IE6 (maybe not with SP2?). The JavaScript can crash Firefox (the denial of service also affects non-Windows OSs) but does not allow remote code execution. Opera is apparently unaffected; I don't know about Safari or Konqueror.

8:49 pm on Nov 22, 2005 (gmt 0)

WebmasterWorld Administrator rogerd is a WebmasterWorld Top Contributor of All Time 10+ Year Member



From what I can see, SP2 doesn't correct the problem. MS has said they'll address the issue as part of their critical update process.

[news.zdnet.com...]

People who want to turn off IE active scripting as a preventative measure might find this useful: How to stop 'Active Scripting' [blogs.zdnet.com]. This will break some sites, although if you need to access the scripting they can be added to the Trusted list.

10:00 pm on Nov 22, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



On my XP Pro with SP2:
* IE 6 : launches calc.exe, crashes IE
* FF 1.0.7: huge prompt, CPU runs at 100%
* Opera 8.5: no problems ;)

1:39 am on Nov 23, 2005 (gmt 0)

WebmasterWorld Senior Member encyclo is a WebmasterWorld Top Contributor of All Time 10+ Year Member



I tried the exploit page with Konqueror 3.4.1 and nothing untoward happened at all - no lock up or even slowdown. I guess that means Konqueror is safe. :)

1:44 am on Nov 23, 2005 (gmt 0)

10+ Year Member



Didn't have any problems with Opera

4:28 pm on Nov 23, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



IE: 6.0.2900.2180.xpsp_sp2_gdr.500301-1519

Nothing major happens. CPU usage fine, JavaScript popup appears, but no calc.exe

FireFox 1.07 100%

CPU usage goes up to 100%. Firefox becomes unusable (has to be restarted).

6:29 pm on Nov 23, 2005 (gmt 0)

10+ Year Member



Same IE as mrMister, but I do have calc.exe open. (Win XP)

FF goes up to 50% CPU for me and becomes unusable.

Jennifer