Results 1 to 2 of 2

Thread: Incorrect VBScript Handling in IE can Allow Web Pages to Read Local Files

  1. #1

    Thread Starter
    PowerPoster
    Join Date
    Jul 1999
    Posts
    5,923

    Incorrect VBScript Handling in IE can Allow Web Pages to Read Local Files

    Title: Incorrect VBScript Handling in IE can Allow Web Pages to
    Read Local Files
    Date: 21 February 2002
    Software: Internet Explorer
    Impact: Information Disclosure
    Max Risk: Critical
    Bulletin: MS02-009

    Microsoft encourages customers to review the Security Bulletin at:
    http://www.microsoft.com/technet/sec.../MS02-009.asp.
    - -
    - ----------------------------------------------------------------------

    Issue:
    ======
    Frames are used in Internet Explorer to provide for a fuller
    browsing experience. By design, scripts in the frame of one site or
    domain should be prohibited from accessing the content of frames
    in another site or domain. However, a flaw exists in how VBScript
    is handled in IE relating to validating cross-domain access. This
    flaw can allow scripts of one domain to access the contents of
    another domain in a frame.

    A malicious user could exploit this vulnerability by using
    scripting to extract the contents of frames in other domains,
    then sending that content back to their web site. This would
    enable the attacker to view files on the user's local machine
    or capture the contents of third-party web sites the user visited
    after leaving the attacker's site. The latter scenario could,
    in the worst case, enable the attacker to learn personal
    information like user names, passwords, or credit card information.

    In both cases, the user would either have to go to a site under
    the attacker's control or view an HTML email sent by the attacker.
    In addition, the attacker would have to know the exact name and
    location of any files on the user's system. Further, the attacker
    could only gain access to files that can be displayed in a browser
    window, such as text files, HTML files, or image files.

    Mitigating Factors:
    ====================
    - The vulnerability could only be used to view files. It could not
    be used to create, delete, modify or execute them.

    - The vulnerability would only allow an attacker to read files that
    can be opened in a browser window, such as image files, HTML
    files and text files. Other file types, such as binary files,
    executable files, Word documents, and so forth, could not be read.

    - The attacker would need to specify the exact name and location of
    the file in order to read it.

    - The email-borne attack scenario would be blocked if the user were
    using any of the following: Outlook 98 or 2000 with the Outlook
    Email Security Update installed; Outlook 2002; or Outlook
    Express 6.

    Risk Rating:
    ============
    - Internet systems: Moderate
    - Intranet systems: Moderate
    - Client systems: Critical

    Patch Availability:
    ===================
    - A patch is available to fix this vulnerability. Please read the
    Security Bulletin at
    http://www.microsoft.com/technet/sec...n/ms02-009.asp
    for information on obtaining this patch.

    Acknowledgment:
    ===============
    - Zentai Peter Aron, Ivy Hungary Ltd (http://w3.ivy.hu/)

  2. #2
    ...would explain why Windows Update is so godawful slow tonight...

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width