Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2004.0091 -- US-CERT Advisory
TA04-033A: Multiple Vulnerabilities in Microsoft Internet Explorer
05 February 2004
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Internet Explorer 6
Internet Explorer 5.50
Internet Explorer 5.01
Publisher: US-CERT
Operating System: Windows Server 2003
Windows XP
Windows 2000
Windows NT
Windows ME
Windows 98/98SE
Platform: IA-32
IA-64
Impact: Execute Arbitrary Code/Commands
Create Arbitrary Files
Provide Misleading Information
Access Required: Remote
CVE Names: CAN-2003-01026 CAN-2003-01027 CAN-2003-01025
Ref: ESB-2004.0083
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Multiple Vulnerabilities in Microsoft Internet Explorer
Original issue date: February 02, 2004
Last revised: --
Source: US-CERT
Systems Affected
Microsoft Windows systems running
* Internet Explorer 5.01
* Internet Explorer 5.50
* Internet Explorer 6
Previous, unsupported, versions of Internet Explorer may also be
affected.
Overview
Microsoft Internet Explorer (IE) contains multiple vulnerabilities,
the most serious of which could allow a remote attacker to execute
arbitrary code with the privileges of the user running IE.
Description
Microsoft Security Bulletin MS04-004 describes three vulnerabilities
in Internet Explorer. These vulnerabilities are listed below. More
detailed information is available in the individual vulnerability
notes. Note that in addition to IE, any applications that use the IE
HTML rendering engine to interpret HTML documents may present
additional attack vectors for these vulnerabilities.
VU#784102 - Microsoft Internet Explorer Travel Log Cross Domain
Vulnerability
A cross-domain scripting vulnerability exists in the Travel Log
functionality of Internet Explorer. This vulnerability could allow a
remote attacker to execute arbitrary script in a different domain,
including the Local Machine Zone.
(Other resources: CAN-2003-01026)
VU#413886 - Microsoft Internet Explorer Drag-and-Drop Operation
Vulnerability
Internet Explorer allows remote attackers to direct drag and drop
behaviors and other mouse click actions by using method caching
(SaveRef) to access the window.moveBy method.
(Other resources: CAN-2003-01027)
VU#652278 - Microsoft Internet Explorer does not properly display URLs
Microsoft Internet Explorer does not properly display the location of
HTML documents. An attacker could exploit this behavior to mislead
users into revealing sensitive information.
(Other resources: CAN-2003-01025)
Impact
These vulnerabilities have different impacts, ranging from disguising
the true location of a URL to executing arbitrary commands or code.
Please see the individual vulnerability notes for specific
information. The most serious of these vulnerabilities (VU#784102)
could allow a remote attacker to execute arbitrary code with the
privileges of the user running IE. The attacker could exploit this
vulnerability by convincing the user to access a specially crafted
HTML document, such as a web page or HTML email message. No user
intervention is required beyond viewing the attacker's HTML document
with IE.
Solutions
Apply a patch
Apply the appropriate patch as specified by Microsoft Security
Bulletin MS04-004.
* Microsoft Security Bulletin MS04-004 -
<http://microsoft.com/technet/security/bulletin/MS04-004.asp>
Note: The fix included in MS04-004 for VU#652278 may cause sites that
use URLs of the form "username:password@www.example.com" to break.
This change, along with workarounds for users and administrators of
such sites, is covered in Microsoft KB Article 834489.
Vendor Information
This section contains information provided by vendors. When vendors
report new information, this section is updated and the changes are
noted in the revision history. If a vendor is not listed below, we
have not received their comments.
Microsoft
Please see Microsoft Security Bulletin MS04-004.
_________________________________________________________________
References
* CERT/CC Vulnerability Note VU#784102 -
<http://www.kb.cert.org/vuls/id/784102>
* CERT/CC Vulnerability Note VU#413886 -
<http://www.kb.cert.org/vuls/id/413886>
* CERT/CC Vulnerability Note VU#652278 -
<http://www.kb.cert.org/vuls/id/652278>
* Microsoft Security Bulletin MS04-004 -
<http://microsoft.com/technet/security/bulletin/MS04-004.asp>
* Microsoft KB Article 834489 -
<http://support.microsoft.com/?id=834489>
* CVE CAN-2003-01025 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-01025>
* CVE CAN-2003-01026 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-01026>
* CVE CAN-2003-01027 -
<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-01027>
_________________________________________________________________
Feedback can be directed to the authors, Allen Householder and Art
Manion.
_________________________________________________________________
Copyright 2004 Carnegie Mellon University.
Revision History
February 02, 2004: Initial release
- -----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
iD8DBQFAHvI/XlvNRxAkFWARAvpgAJsFng4fQDA1iOursbppOf8JoX2HXQCgt+B8
iK8Z8VaOs6MZsMuUGccHFko=
=bHZu
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
http://www.auscert.org.au/render.html?cid=1980
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business
hours which are GMT+10:00 (AEST). On call after hours
for member emergencies only.
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQCVAwUBQCGQiCh9+71yA2DNAQHxgwP/fi8r7D6CQqWd6qxqBjcqklFm/Oq/94G+
eV6FurkA19Os3tOah7M8nkvhYhoieCZMNppSKTlZEBU1j8rnQYGJwCtzLJUQdE1r
VOMLl/6P+MT4kaI9pKtlRbciAP16+ZkE1fvcLy8/okbyYnlViF29Jw9TLRuyToui
P6ryKwhyhFc=
=bbjY
-----END PGP SIGNATURE-----