RE: Microsoft Baseline Security Analyzer exploit (Exposed vulnerabilities' list)

From: Menashe Eliezer (menasheat_private)
Date: Thu Apr 25 2002 - 10:18:20 PDT

Next message: Deus, Attonbitus: "Eudora Logging"

Previous message: 3APA3A: "Re: Microsoft Baseline Security Analyzer exploit (Exposed vulnerabilities' list)"
In reply to: 3APA3A: "Re: Microsoft Baseline Security Analyzer exploit (Exposed vulnerabilities' list)"
Next in thread: Deus, Attonbitus: "RE: Microsoft Baseline Security Analyzer exploit (Exposed vulnerabilities' list)"
Next in thread: 3APA3A: "Re: Microsoft Baseline Security Analyzer exploit (Exposed vulnerabilities' list)"
Reply: Deus, Attonbitus: "RE: Microsoft Baseline Security Analyzer exploit (Exposed vulnerabilities' list)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

The vulnerabilities' list is accessible even by unprivileged user account.
The ability of active content to access this report depends on
security setting of the browser.
For example, signed ActiveX that runs in browser with low security
setting, doesn't need user's approval. User can also choose not be asked
whether to launch ActiveX that is signed by a specific signer. In such case,
there's no need for low security setting of the browser.
The ActiveX doesn't have to be safe for scripting. The ActiveX can do
anything
without being scripted at all.
You can access this report even without active content.
All you need is a limited exploit that just allows you to read a file.

Deus Attonbitus wrote:
DA>but the script would also have to be able to discern the currently logged
DA>on user in order to see where to look in the "Documents and Settings"
tree.
1. Discern the currently logged on user - It's a simple Win32 API.
2. Code can simply look for "Security Scans" folder in tree.


Regards,
Menashe.

-----Original Message-----
From: 3APA3A [mailto:3APA3Aat_private]
Sent: Thursday, April 25, 2002 10:52 AM
To: Menashe Eliezer
Cc: Bugtraq; vuln-dev
Subject: Re: Microsoft Baseline Security Analyzer exploit (Exposed
vulnerabilities' list)


Dear Menashe Eliezer,

Sorry  for  asking,  but  it's  unclear from advisory: is it possible to
access reports with either:

1. ActiveX element marked safe for scripting
2. Javascript or VBscript from "Internet" security zone

Examples  you give for scripting will only run in local host content, so
this  problem  seems to be local only (default permissions for sensitive
files)  with  minimal  impact,  because  analysis  of  security  policy,
registry  and  file  permissions can (mostly) be done by local user with
unprivileged account. In this case risk is low.

--Thursday, April 25, 2002, 5:06:32 AM, you wrote to
bugtraqat_private:

ME> Microsoft Baseline Security Analyzer exploit (Exposed vulnerabilities'
list)
ME> Finjan Software Security Advisory
ME> URL: http://www.finjan.com/mcrc/alert_show.cfm?attack_release_id=71
ME> April 24, 2002
ME> Risk: Medium
ME> -------------



--
~/ZARAZA
Человек это тайна... я занимаюсь этой тайной чтобы быть человеком.
(Достоевский)

Next message: Deus, Attonbitus: "Eudora Logging"
Previous message: 3APA3A: "Re: Microsoft Baseline Security Analyzer exploit (Exposed vulnerabilities' list)"
In reply to: 3APA3A: "Re: Microsoft Baseline Security Analyzer exploit (Exposed vulnerabilities' list)"
Next in thread: Deus, Attonbitus: "RE: Microsoft Baseline Security Analyzer exploit (Exposed vulnerabilities' list)"
Next in thread: 3APA3A: "Re: Microsoft Baseline Security Analyzer exploit (Exposed vulnerabilities' list)"
Reply: Deus, Attonbitus: "RE: Microsoft Baseline Security Analyzer exploit (Exposed vulnerabilities' list)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu Apr 25 2002 - 22:54:37 PDT