lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20030821135343.2E85.SNSADV@lac.co.jp>
Date: Thu, 21 Aug 2003 13:56:23 +0900
From: "SecureNet Service(SNS) Spiffy Reviews" <snsadv@....co.jp>
To: bugtraq@...urityfocus.com
Subject: [SNS Advisory No.67] The Return of the Content-Disposition Vulnerability in IE


----------------------------------------------------------------------
SNS Advisory No.67
The Return of the Content-Disposition Vulnerability in IE

Problem first discovered on: Wed, 18 Sep 2002
Published on: Thu, 21 Aug 2003
----------------------------------------------------------------------

Overview:
---------
  Microsoft Internet Explorer is prone to a vulnerability that can, 
  under several conditions, result in the automatic download and 
  parse of a specific tag included with HTML files in the My Computer
  zone without the knowledge of the user.


Problem Description:
--------------------
  If specific MIME type is specified in the Content-Type header of 
  an HTTP response and if a special string is defined in the Content-
  Disposition header, this string can be automatically downloaded and 
  opened within the Temporary Internet Files (TIF) under several 
  conditions in Microsoft Internet Explorer.  A malicious website 
  administrator can induce a user to view a specially crafted web site 
  to cause the script to be automatically executed upon viewing the 
  malicious contents.  Execution of the script can then, disclose the 
  path to the TIF directory to the attacker.

  Additionally, if this vulnerability is exploited through a specific 
  string in the Content-Disposition header, the OBJECT tag can be 
  parsed in the "My Computer" zone.  However, if the user has access 
  to the malicious Web site, the attacker will be able to execute 
  programs on the computer with the user's privileges.


Tested Version:
---------------
  Internet Explorer 6 Service Pack 1 Japanese Edition


Solution:
---------
  Apply an appropriate patch available at:

  Microsoft Security Bulletin MS03-032:
  http://www.microsoft.com/technet/security/bulletin/MS03-032.asp

  Microsoft Security Bulletin MS03-032(Japanese site):
  http://www.microsoft.com/japan/technet/security/bulletin/MS03-032.asp 


Discovered by:
--------------
  Yuu Arai y.arai@....co.jp


Acknowledgements:
-----------------

  Thanks to:
  Security Response Team of Microsoft Asia Limited


Disclaimer:
-----------
  The information contained in this advisory may be revised without prior 
  notice and is provided as it is. Users shall take their own risk when 
  taking any actions following reading this advisory. LAC Co., Ltd. shall 
  take no responsibility for any problems, loss or damage caused by, or 
  by the use of information provided here.

  This advisory can be found at the following URL: 
  http://www.lac.co.jp/security/english/snsadv_e/67_e.html

------------------------------------------------------------------
Secure Net Service(SNS) Security Advisory <snsadv@....co.jp>
Computer Security Laboratory, LAC  http://www.lac.co.jp/security/





Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ