Microsoft Internet Explorer Multiple VulnerabilitiesSECUNIA ADVISORY ID:SA12048VERIFY ADVISORY:http://secunia.com/advisories/12048/CRITICAL:Extremely criticalIMPACT:Security Bypass, Spoofing, System accessWHERE:From remoteSOFTWARE:Microsoft Internet Explorer 5.01http://secunia.com/product/9/Microsoft Internet Explorer 5.5http://secunia.com/product/10/Microsoft Internet Explorer 6http://secunia.com/product/11/DESCRIPTION:Paul has reported some vulnerabilities in Internet Explorer, allowingmalicious people to bypass security restrictions and potentiallycompromise a vulnerable system.1) It is possible to redirect a function to another function with thesame name, which allows a malicious website to access the functionwithout the normal security restrictions.Successful exploitation allows execution of arbitrary script code inthe context of another website. This could potentially allowexecution of arbitrary code in other security zones too.2) Malicious sites can trick users into performing actions likedrag'n'drop or click on a resource without their knowledge. Anexample has been provided, which allows sites to add links to"Favorites". However, resources need not be links and thedestinationcould be different than "Favorites".This issue is a variant of an issue discovered by Liu Die Yu.SA9711http-equiv has posted a PoC (Proof of Concept), which combined withthe inherently insecure Windows "shell:" functionality, canbeexploited to compromise a vulnerable system.3) It is possible to inject arbitrary script code into Channel linksin Favorites, which will be executed when the Channel is added. Thescript code is executed in Local Security Zone context.4) It is possible to place arbitrary content above any other windowand dialog box using the "Window.createPopup()" function.This can beexploited to "alter" the appearance of dialog boxes andotherwindows.Successful exploitation may potentially cause users to open harmfulfiles or do other harmful actions without knowing it.An additional issue allowing malicious sites to inject script intothe Local Security Zone using anchor references has also beenreported to affect Internet Explorer 6 running on Windows XP SP2(release candidate / beta). This issue could not be confirmed on afully patched Windows XP SP1 system.Issues 1-4 has been confirmed on a fully patched system with InternetExplorer 6 and Microsoft Windows XP SP1.Previous versions of Internet Explorer may also be affected.SOLUTION:Disable Active Scripting.Use another product.PROVIDED AND/OR DISCOVERED BY:1-3) Discovered by Paul (greyhats).4) Originally discovered by Georgi Guninski.OTHER REFERENCES:SA9711:http://secunia.com/advisories/9711/
SOLUTION:Use another product.