-----BEGIN PGP SIGNED MESSAGE----- NOMEN NESCIO SECURITY ALERT #9000989 666 Topic: Remote File Execution By Web or Mail: Internet Explorer Severity: Critical Datum: 2001-11-21 Affected Systems: |||||||||||||||||||||||||||||||| Microsoft Internet Explorer 5.01 and 6.00 - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows ME - Microsoft Windows 2000 - Microsoft Windows 2000 SP1 - Microsoft Windows 2000 SP2 - Microsoft Windows 2000 Terminal Services - Microsoft Windows NT 4.0 - Microsoft Windows NT 4.0SP1 - Microsoft Windows NT 4.0SP2 - Microsoft Windows NT 4.0SP3 - Microsoft Windows NT 4.0SP4 - Microsoft Windows NT 4.0SP5 - Microsoft Windows NT 4.0SP6 - Microsoft Windows NT 4.0SP6a Microsoft Internet Explorer 5.0 for Windows NT 4.0 - Microsoft Windows NT 4.0 Microsoft Internet Explorer 5.0 for Windows 98 - Microsoft Windows 98 Microsoft Internet Explorer 5.0 for Windows 95 - Microsoft Windows 95 Microsoft Internet Explorer 5.0 for Windows 2000 - Microsoft Windows 2000 Microsoft Outlook 98 - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT 4.0 - Microsoft Windows NT 4.0SP1 - Microsoft Windows NT 4.0SP2 - Microsoft Windows NT 4.0SP3 - Microsoft Windows NT 4.0SP4 - Microsoft Windows NT 4.0SP5 - Microsoft Windows NT 4.0SP6 - Microsoft Windows NT 4.0SP6a - Microsoft Windows NT 4.0SP7 Microsoft Outlook 97 Microsoft Outlook 2000 - Microsoft Windows 2000 - Microsoft Windows 2000 SP1 - Microsoft Windows 2000 SP2 - Microsoft Windows NT 4.0 - Microsoft Windows NT 4.0SP1 - Microsoft Windows NT 4.0SP2 - Microsoft Windows NT 4.0SP3 - Microsoft Windows NT 4.0SP4 - Microsoft Windows NT 4.0SP5 - Microsoft Windows NT 4.0SP6 - Microsoft Windows NT 4.0SP6a - Microsoft Windows NT 4.0SP7 Microsoft Outlook Express 5.0 - Microsoft Windows 95 - Microsoft Windows 98 - Microsoft Windows NT 4.0 Impact: |||||||||||||||||||||||||||||||| Merely viewing a web page or opening a mail message will trigger the flaw. Problem: |||||||||||||||||||||||||||||||| There is a critical flaw within the html parser of Internet Explorer and its interpretation of certain html tags relative to the HKEY_CLASSES_ROOT\htmlfile_FullWindowEmbed key. Exploit: |||||||||||||||||||||||||||||||| In accordance with the new suggested policy of responsible disclosure, no exploit and no further details will be made available at this time to the general public or the vendor. In 60 days from publication of this advisory full working exploits and details will be made available to the general public and vendor at the same time. Workaround: |||||||||||||||||||||||||||||||| Create a Registry Entry file .reg, click on it or right click and select merge. Additional Information: |||||||||||||||||||||||||||||||| The Common Vulnerabilities and Exposures (CVE) project has reserved a name for this issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org), which standardizes names for security problems. Candidates may change significantly before they become official CVE entries. Credits: |||||||||||||||||||||||||||||||| This vulnerability was discovered and researched by NOMEN NESCIO. Copyright (c) 2001 NOMEN NESCIO SECURITY ALERT, Inc. All rights reserved worldwide. Permission is hereby granted for the redistribution of this Alert electronically. It is not to be edited in any way without express consent of NOMEN NESCIO SECURITY ALERT. -----BEGIN PGP SIGNATURE----- Version: Hush 2.0 wmUEARECACUFAjv7/NgeHGh1c2gubGl0dGxlLmJhYnlAaHVzaG1haWwuY29tAAoJEFuT PTd7eGFrhoQAoJg52BclS0sUnkQQ7GtwTvcYBcchAJ0SzJn+UIwSQe4WYDkO1IcyRqEr ug== =qjIN -----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Wed Nov 21 2001 - 11:42:53 PST