[ISN] 30 unpatched holes in IE, says security researcher

From: InfoSec News (isnat_private)
Date: Wed Sep 10 2003 - 23:08:21 PDT

Next message: InfoSec News: "[ISN] EEYE: Microsoft RPC Heap Corruption Vulnerability - Part II"

Previous message: InfoSec News: "[ISN] Windows & .NET Magazine Security UPDATE--September 10, 2003"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

http://www.smh.com.au/articles/2003/09/11/1063249516080.html

By Sam Varghese
September 11, 2003

Microsoft may be releasing details of vulnerabilities every week but
it is yet to tackle the 30 unpatched holes in Internet Explorer which
have been documented by well-known security researcher Thor Larholm.

Larholm, a former black hat and now a senior security researcher with
PivX Solutuions, said today that seven more vulnerabilities had been
added to the list he maintains, all of them having been discovered by
Chinese researcher Liu Die Yu.

"One of these new vulnerabilities exploits a new attack vector that
has surfaced in IE lately, namely misdirecting user input," Larholm
said. "This allows you to redirect a user's mouseclick to (for
example) the OK button on a dialog asking for security confirmation by
moving the browser window prior to the mouse being released.

"This resurrects the debate on whether to disable some core
functionality to heighten security, and areas such as programmatically
moving the user's browser around is likely to be the first considered
seeing as it historically impairs, rather than heightens, the user
experience."

"The six other vulnerabilities are classic cross-domain scripting
vulnerabilities that allow you to steal cookies and sensitive data
from arbitrary websites, such as your online email or banking. When
you couple these vulnerabilities with any of the known ways to load
files from local security zones, you are able to read local files,
plant files and execute arbitrary commands."

Larholm said Liu Die Yu had published similar vulnerabilities in the
past. "About half a dozen more vulnerabilities, quite similar, were
published as well by Liu Die Yu, but all of those have either been
patched long ago or explicitly patched by the latest cumulative IE
patch, MS03-032.

"Similarly, several of the vulnerabilities that remain unpatched are
known to be under active investigation by the Microsoft Security
Response Center, and I am confident that a secure patch is being
prepared for prompt release."



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn'
in the BODY of the mail.

Next message: InfoSec News: "[ISN] EEYE: Microsoft RPC Heap Corruption Vulnerability - Part II"
Previous message: InfoSec News: "[ISN] Windows & .NET Magazine Security UPDATE--September 10, 2003"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Sep 11 2003 - 01:20:35 PDT