http://www.smh.com.au/articles/2003/09/11/1063249516080.html

By Sam Varghese
September 11, 2003

Microsoft may be releasing details of vulnerabilities every week but it is yet to tackle the 30 unpatched holes in Internet Explorer which have been documented by well-known security researcher Thor Larholm.

Larholm, a former black hat and now a senior security researcher with PivX Solutions, said today that seven more vulnerabilities had been added to the list he maintains, all of them having been discovered by Chinese researcher Liu Die Yu.

"One of these new vulnerabilities exploits a new attack vector that has surfaced in IE lately, namely misdirecting user input," Larholm said.

"This allows you to redirect a user's mouseclick to (for example) the OK button on a dialog asking for security confirmation by moving the browser window prior to the mouse being released.

"This resurrects the debate on whether to disable some core functionality to heighten security, and areas such as programmatically moving the user's browser around is likely to be the first considered seeing as it historically impairs, rather than heightens, the user experience."

"The six other vulnerabilities are classic cross-domain scripting vulnerabilities that allow you to steal cookies and sensitive data from arbitrary websites, such as your online email or banking. When you couple these vulnerabilities with any of the known ways to load files from local security zones, you are able to read local files, plant files and execute arbitrary commands."

Larholm said Liu Die Yu had published similar vulnerabilities in the past. "About half a dozen more vulnerabilities, quite similar, were published as well by Liu Die Yu, but all of those have either been patched long ago or explicitly patched by the latest cumulative IE patch, MS03-032.

"Similarly, several of the vulnerabilities that remain unpatched are known to be under active investigation by the Microsoft Security Response Center, and I am confident that a secure patch is being prepared for prompt release."