CERT-In Advisory
CIAD-2004-0018
Multiple vulnerabilities in Internet Explorer
Original Issue Date: July 31, 2004
Severity Rating: High
Systems Affected
- Windows NT Workstation 4.0 SP6a
- Windows NT Server 4.0 SP6a
- Windows NT Server 4.0, Terminal Server Edition SP6
- Windows 2000 Service Pack 2 (SP2)
- Windows 2000 SP3
- Windows 2000 SP4
- Windows XP
- Windows XP SP1
- Windows Server 2003
- Windows 98
- Windows 98 Second Edition (SE)
- Windows Millennium Edition (Windows Me)
- Internet Explorer 5.01 SP2
- Internet Explorer 5.01 SP3
- Internet Explorer 5.01 SP4
- Internet Explorer 5.5 SP2
- Internet Explorer 6
- Internet Explorer 6 SP1
- Internet Explorer 6 on Windows Server 2003
Overview
Microsoft has released patches for three vulnerabilities which have been reported in Internet Explorer.
Impact
Successful exploitation of these vulnerabilities results in access to local resources on a victim's system and execution of arbitrary code in the context of the local user. It has been reported that exploits are available for one of these vulnerabilities, namely the "Modal Dialog Zone Bypass Vulnerability" (CAN-2004-0549) described in CERT-In advisory CIAD-2004-12.
Description
1. Navigation Method Cross-Domain Vulnerability or Modal Dialog Zone Bypass Vulnerability (CAN-2004-0549)
A vulnerability exists in Internet Explorer because of the way that it handles navigation methods. To exploit this vulnerability, users are enticed to follow a link or view a malicious HTML document. Successful exploitation enables the attacker to run malicious script code in the Local Machine security zone in Internet Explorer and gain user privileges. For further details regarding this vulnerability, refer to CIAD-2004-0012.
However, users who have already applied the patches mentioned in the CERT-In Vulnerability Note CIVN-2004-0027 and the configuration change mentioned in both the Incident Note CIIN-2004-08 and Microsoft KB article 870669 are at reduced risk.
2. Malformed BMP File Buffer Overrun Vulnerability (CAN-2004-0566)
An integer signedness error exists in the handling of BMP image file formats, causing a buffer overrun that could allow remote code execution on an affected system. The attacker who successfully exploits this vulnerability gains user privileges. If the user logs in with administrative privileges, the attacker gains complete control of the affected system. According to Microsoft, certain versions of Internet Explorer are not affected by this vulnerability. Details can be found in Microsoft Security Bulletin MS04-025.
3. Malformed GIF File Double Free Vulnerability (CAN-2003-1048)
A buffer overrun vulnerability exists in the processing of GIF image file formats that could allow remote code execution on an affected system. An attacker could create a specially crafted GIF file to try to release or "free" memory that may have already been set aside for use. Releasing memory that has already been freed could lead to memory corruption. An attacker could add arbitrary code to memory that is then executed when the corruption occurs. This vulnerability could also lead to a Denial of Service.
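The integer signedness class named in item 2, as an added example: this is not Internet Explorer's code, is not taken from the advisory or MS04-025, and does not claim to show the field affected by CAN-2004-0566. It sets a signed upper-bound test that accepts a negative length beside a BMP header check that rejects negative or oversized dimensions before any buffer size is derived. The function names, MAX_DIM and the sample images are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

#define MAX_DIM 16384 /* constructed policy limit, not from the advisory */
static uint32_t rd_u32(const uint8_t *p) { /* little-endian 32-bit read */
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static void wr_u32(uint8_t *p, uint32_t v) { /* little-endian 32-bit write */
    for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i));
}

/* Weak pattern: a signed upper-bound test alone. A negative length passes
   and turns into a huge value once converted to size_t for a copy. */
int weak_len_ok(int32_t len, int32_t cap) { return len <= cap; }

/* Hardened: validate the 14-byte file header + BITMAPINFOHEADER and return
   the pixel data size via *need. 0 = acceptable, -1 = malformed. */
int bmp_validate(const uint8_t *b, size_t n, size_t *need) {
    if (n < 54 || b[0] != 'B' || b[1] != 'M') return -1;
    uint32_t off = rd_u32(b + 10), hdr = rd_u32(b + 14), bpp = b[28] | (uint32_t)b[29] << 8;
    int64_t w = (int32_t)rd_u32(b + 18), h = (int32_t)rd_u32(b + 22);
    if (h < 0) h = -h;                  /* negative height = top-down rows */
    if (hdr < 40 || w <= 0 || w > MAX_DIM || h == 0 || h > MAX_DIM) return -1;
    if (bpp != 1 && bpp != 4 && bpp != 8 && bpp != 16 && bpp != 24 && bpp != 32) return -1;
    uint64_t stride = (((uint64_t)w * bpp + 31) / 32) * 4; /* rows padded to 4 bytes */
    uint64_t total = stride * (uint64_t)h;
    if (off < 14 + (uint64_t)hdr || off > n || total > n - off) return -1;
    *need = (size_t)total;
    return 0;
}

/* Constructed sample: fill buf (at least 54 bytes) with a minimal BMP header. */
void make_bmp(uint8_t *buf, size_t n, int32_t w, int32_t h, uint16_t bpp) {
    memset(buf, 0, n);
    buf[0] = 'B'; buf[1] = 'M';
    wr_u32(buf + 2, (uint32_t)n); wr_u32(buf + 10, 54); wr_u32(buf + 14, 40);
    wr_u32(buf + 18, (uint32_t)w); wr_u32(buf + 22, (uint32_t)h);
    buf[26] = 1; buf[28] = (uint8_t)bpp; buf[29] = (uint8_t)(bpp >> 8);
}

int main(void) {
    uint8_t img[54 + 16]; size_t need = 0;
    make_bmp(img, sizeof img, 2, 2, 24);   /* 2x2 at 24 bpp: stride 8, 16 bytes */
    printf("valid image: %d\n", bmp_validate(img, sizeof img, &need));
    make_bmp(img, sizeof img, -1, 2, 24);  /* negative width */
    printf("weak: %d hardened: %d\n", weak_len_ok(-1, 64), bmp_validate(img, sizeof img, &need));
    return 0;
}
```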
Solution
Apply appropriate patches as mentioned in the Microsoft Security Bulletin MS04-025.
Workaround
- Microsoft has suggested certain workarounds and the consequences of their application in the Security Bulletin MS04-025.
- Support for active scripting should be disabled for all but trusted web sites.
- Read e-mail messages in plain text format.
Vendor Information
Microsoft
Microsoft Security Bulletin MS04-025
http://www.microsoft.com/technet/security/bulletin/MS04-025.mspx
Microsoft Knowledge Base Articles
http://support.microsoft.com/?id=875345
http://support.microsoft.com/?id=871260
http://support.microsoft.com/?id=867801
References
US-CERT Technical Cyber Security Alert TA04-212A
http://www.us-cert.gov/cas/techalerts/TA04-212A.html
Security Focus Vulns Info 'Microsoft Internet Explorer Modal Dialog Zone Bypass Vulnerability'
http://www.securityfocus.com/bid/10473/
Secunia Advisory SA11793
http://secunia.com/advisories/11793/
Secunia Advisory SA12192
http://secunia.com/advisories/12192/
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind.
Contact Information
Email: info@cert-in.org.in Phone: +91-11-2436857
Postal address
Indian Computer Emergency Response Team (CERT-In) Ministry of Electronics and Information Technology Government of India Electronics Niketan 6, CGO Complex, Lodhi Road, New Delhi - 110 003 India