Operating System:

[Win]

Published:

06 June 2007

Protect yourself against future threats.

//Service

Incident Management

Whether it is proactive or reactive services you're after, we will help you detect, interpret and respond to attacks from across the globe.

Read more
Resources > Security Bulletins > ESB-2007.0381 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                          ESB-2007.0381 -- [Win]
          Microsoft Internet Explorer cross-domain vulnerability
                                6 June 2007

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Microsoft Internet Explorer 6 and 7
Publisher:            US-CERT
Operating System:     Windows
Impact:               Access Privileged Data
                      Cross-site Scripting
Access:               Remote/Unauthenticated

Original Bulletin:    
  http://www.kb.cert.org/vuls/id/471361
  http://marc.info/?l=bugtraq&m=118097185402772&w=2

Comment: Note that this race vulnerability is reported also to allow
         memory corruption, as per the original Bugtraq post linked above.
         Whether this may allow an attacker to execute arbitrary code
         has not yet been confirmed.

- --------------------------BEGIN INCLUDED TEXT--------------------

US-CERT Vulnerability Note VU#471361
Microsoft Internet Explorer cross-domain vulnerability

Overview

	Microsoft Internet Explorer contains a race condition that results
	in a cross-domain violation.

I. Description

	Internet Explorer uses a cross-domain security model to maintain
	separation between browser frames from different sources. This model
	is designed to prevent code in one domain from accessing data in a
	different domain. The Internet Security Manager Object determines
	which zone or domain a URL exists in and what actions can be performed.

	A race condition in Internet Explorer may allow an attacker to evade
	the cross-domain security model. Note that Internet Explorer 6 and
	Internet Explorer 7 are affected by this vulnerability.

II. Impact
	
	A website in one domain has the ability to access information in
	another domain. The website may also be able to execute scripts or
	take other actions that are permitted in the other domain.

III. Solution

	We are currently unaware of a practical solution to this problem.

	Do not follow unsolicited links

	In order to convince users to visit their sites, attackers often use
	URL encoding, IP address variations, long URLs, intentional
	misspellings, and other techniques to create misleading links. Use
	caution when clicking on unsolicited links received in email, instant
	messages, web forums, or internet relay chat (IRC) channels. Type
	URLs directly into the browser to avoid these misleading links. While
	these are generally good security practices, following these behaviors
	will not prevent exploitation of this vulnerability in all cases.

	Disable Javascript

	Disabling Javascript may mitigate this vulnerability. Instructions
	for disabling javascript can be found in the Securing Your Web Browser
	document. http://www.cert.org/tech_tips/securing_browser/#Internet_Explorer

Systems Affected

	Vendor                 Status      Date Updated
	Microsoft Corporation  Vulnerable  5-Jun-2007

References

	http://archives.neohapsis.com/archives/fulldisclosure/2007-06/0026.html
	http://msdn2.microsoft.com/en-us/library/ms537183.aspx
	http://msdn2.microsoft.com/en-us/library/ms537186.aspx
	http://www.cert.org/tech_tips/securing_browser/#Internet_Explorer
	http://www.antiphishing.org/consumer_recs.html

Credit

	This issue was reported by Michal Zalewski on the Full-Disclosure
	mailing list.

	This document was written by Ryan Giobbi.

Other Information

	Date Public	06/04/2007
	Date First Published	06/05/2007 09:24:29 AM
	Date Last Updated	06/05/2007
	CERT Advisory	 
	CVE Name	 
	Metric	0.00
	Document Revision	12

- --------------------------END INCLUDED TEXT--------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        http://www.auscert.org.au/render.html?cid=1980

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:

        http://www.auscert.org.au/render.html?it=3192

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================

-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQCVAwUBRmXzgCh9+71yA2DNAQJmLwP/SskZ9E0yRdePVyS1LYXVj7qezsk66GN3
WLjHeN/RddwWB98FAOYaFND9W9NHOChHf0Up+RxqasBEwfWrdSwLaQOWCJemH8E0
LrZoLYa88KdHcDL9w9NWfRIyhi1ltewoXLI+MG/nQBi3zZfTyGyxS9pjIw2ZVqwr
R/NWsUvNxok=
=mr4X
-----END PGP SIGNATURE-----