Marc Maiffret wrote:

> Internet Explorer Object Data Remote Execution Vulnerability
>
> Release Date:
> August 20, 2003
>
> Reported Date:
> May 15, 2003
>
> Severity:
> High (Remote Code Execution)
>
> Systems Affected:
> Microsoft Internet Explorer 5.01
> Microsoft Internet Explorer 5.5
> Microsoft Internet Explorer 6.0
> Microsoft Internet Explorer 6.0 for Windows Server 2003
>
> Description:
> eEye Digital Security has discovered a security vulnerability in Microsoft's
> Internet Explorer that would allow executable code to run automatically upon
> rendering malicious HTML.
>
> This is a flaw in Microsoft's primary contribution to HTML, the Object tag,
> which is used to embed basically all ActiveX into HTML pages. The parameter
> that specifies the remote location of data for objects is not checked to
> validate the nature of the file being loaded, and therefore trojan
> executables may be run from within a webpage as silently and as easily as
> Internet Explorer parses image files or any other "safe" HTML content.
>
> This attack may be utilized wherever IE parses HTML, including web sites,
> e-mail, newsgroups, and within applications utilizing web-browsing
> functionality.

<snip>

In case anyone needs a SNORT rule to catch attempts to exploit this
vulnerability:

#-----
alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Internet Explorer Object Data Remote Execution Vulnerability"; \
content:"F935DC22-1CF0-11D0-ADB9-00C04FD58A0B"; \
nocase; flow:from_server, established; \
reference:cve,CAN-2003-0532; \
classtype:web-application-activity; rev:1;)
#-----

Any improvements and suggestions to this rule are highly welcomed.

-- 
NK @ Vilnius nk.tinkle.lt
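
An offline approximation of the rule's content match, as an added example that is not part of the original post or of Snort itself. It applies the same case-insensitive string test to a response body and separately lists the data location of any Object tag, which is the parameter the advisory describes. The function name, the sample bodies and the example.invalid URL are constructed for illustration.

```python
from html.parser import HTMLParser

# CLSID string copied from the content: option of the rule posted above.
RULE_CLSID = "F935DC22-1CF0-11D0-ADB9-00C04FD58A0B"


class ObjectDataCollector(HTMLParser):
    """Collect the data attribute of every <object> tag in a document."""

    def __init__(self):
        super().__init__()
        self.data_urls = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names for us.
        if tag == "object":
            self.data_urls += [v for k, v in attrs if k == "data" and v]


def inspect_body(body: bytes) -> dict:
    """Return what the rule's content match and an <object data> scan see."""
    text = body.decode("latin-1")  # one byte per char, never raises
    collector = ObjectDataCollector()
    collector.feed(text)
    collector.close()
    return {
        # Same test as content:"..."; nocase; in the rule.
        "clsid_match": RULE_CLSID.lower() in text.lower(),
        # What the advisory describes: the Object tag's data location.
        "object_data": collector.data_urls,
    }


# Constructed response bodies (not captured traffic).
SAMPLES = {
    "clsid_lowercase": b"<html><body><p>clsid:f935dc22-1cf0-11d0-adb9-00c04fd58a0b</p></body></html>",
    "object_data_only": b'<html><body><OBJECT DATA="http://example.invalid/doc"></OBJECT></body></html>',
    "plain_page": b'<html><body><img src="a.png"></body></html>',
}

if __name__ == "__main__":
    for name, body in SAMPLES.items():
        print(name, inspect_body(body))
```

The second sample carries an Object tag with a data location but not the string the rule looks for, so the two checks report on different things and are worth reviewing side by side.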
This archive was generated by hypermail 2b30 : Fri Aug 22 2003 - 11:11:25 PDT