SecurityTracker.com

Category:  Application (Web Browser)  >  Microsoft Internet Explorer (IE)
Vendors:  Microsoft
Microsoft Internet Explorer Travel Log Input Validation Flaw Lets Remote Users Run Arbitrary Scripting Code in the Local Computer Domain
SecurityTracker Alert ID:  1008901
CVE Reference:  CAN-2003-1026
Date:  Feb 2 2004
Impact:  Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via network
Fix Available:  Yes   Vendor Confirmed:  Yes  
Version(s): 5.01, 5.5, 6.0
Description:  An input validation vulnerability was reported in Microsoft Internet Explorer (IE) in the travel log. A remote user can cause arbitrary executables on the target user's system to run.

A vulnerability was reported in the processing of the "travel log" (used by the History tab) that allows cross-domain scripting attacks. A remote user can reportedly create HTML that will inject specially crafted scripting code into the travel log. Then, when a target user loads an affected URL from the travel log (which again can be effected via HTML), arbitrary scripting code will be executed. The code will run in the security context of the target user. A remote user can cause an executable on the target user's system to run and can access information from the Local Computer zone.

Microsoft credits Andreas Sandblad for reporting this vulnerability.

Impact:  A remote user can cause arbitrary scripting code to be executed in the Local Computer zone with the privileges of the target user. This allows the remote user to cause applications on the target system to be executed.
Solution:  Microsoft has issued the following fixes:

Internet Explorer 6 Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?FamilyId=70530968-B59A-47C0-90D3-0C884910BC97&displaylang=en

Internet Explorer 6 Service Pack 1 (64-Bit Edition):

http://www.microsoft.com/downloads/details.aspx?FamilyId=326EFFDA-8D86-4683-BC77-9BF410BC620D&displaylang=en

Internet Explorer 6 for Windows Server 2003:

http://www.microsoft.com/downloads/details.aspx?FamilyId=D78AE4F7-8852-4A04-B8F6-1DE327E598F0&displaylang=en

Internet Explorer 6 for Windows Server 2003 (64-Bit Edition):

http://www.microsoft.com/downloads/details.aspx?FamilyId=6A7894F0-789F-4152-9AE4-8DCB43404149&displaylang=en

Internet Explorer 6:

http://www.microsoft.com/downloads/details.aspx?FamilyId=BE0C18BC-7F9A-4196-BFDE-29EBA8CF7A50&displaylang=en

Internet Explorer 5.5 Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?FamilyId=EFFE87F6-7ACA-4A54-B767-5597DDE95C6F&displaylang=en

Internet Explorer 5.01 Service Pack 4:

http://www.microsoft.com/downloads/details.aspx?FamilyId=F5E74139-6E0E-49FD-9AA2-36D2D8454A92&displaylang=en

Internet Explorer 5.01 Service Pack 3:

http://www.microsoft.com/downloads/details.aspx?FamilyId=202D3AAC-6B56-4F4A-8C0F-4183C77B6B51&displaylang=en

Internet Explorer 5.01 Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?FamilyId=17904608-DCEE-4C99-A780-81D6DBC48DD5&displaylang=en

The Internet Explorer 6 Service Pack 1 (SP1) version of this update must be installed on Internet Explorer 6 SP1 (version 6.00.2800.1106) on one of the following versions of Windows:

* Microsoft Windows NT Workstation 4.0 Service Pack 6a
* Microsoft Windows NT Server 4.0 Service Pack 6a
* Microsoft Windows NT Server 4.0 Terminal Server Edition, Service Pack 6
* Microsoft Windows 2000 Service Pack 2, Service Pack 3, Service Pack 4
* Microsoft Windows XP
* Microsoft Windows XP Service Pack 1
* Microsoft Windows XP 64-Bit Edition, Service Pack 1

The Internet Explorer 6 for Windows Server 2003 version of this update must be installed on Internet Explorer 6 (version 6.00.3790.0000) on Windows Server 2003 (32-bit or 64-bit) or on Internet Explorer 6 (version 6.00.3790.0000) on Windows XP 64-Bit Edition, Version 2003.

The Internet Explorer 6 version of this update must be installed on Internet Explorer 6 (version 6.00.2600.0000) on a 32-bit version of Windows XP.

The Internet Explorer 5.5 version of this update must be installed on Internet Explorer 5.5 Service Pack 2 (version 5.50.4807.2300) on Microsoft Windows Millennium Edition.

The Internet Explorer 5.01 version of this update must be installed on one of the following:

* Internet Explorer 5.01 Service Pack 4 (version 5.00.3700.1000) on Windows 2000 SP4
* Internet Explorer 5.01 Service Pack 3 (version 5.00.3502.1000) on Windows 2000 SP3
* Internet Explorer 5.01 Service Pack 2 (version 5.00.3315.1000) on Windows 2000 SP2

This update requires you to reboot your system after installation.

Microsoft reminds customers that this cumulative update (as in the previous cumulative updates) will cause the window.showHelp( ) control to no longer work unless you have applied the HTML Help update. See Microsoft Knowledge Base article 811630 for more information.

As previously reported by Microsoft, this update removes support for handling user names and passwords in HTTP and HTTP with Secure Sockets Layer (SSL) or HTTPS URLs in Microsoft Internet Explorer. The following URL syntax will no longer be supported in Internet Explorer or Windows Explorer:

http(s)://username:password@server/resource.ext

More information about this is available in Microsoft Knowledge Base article 834489.

Microsoft adds that the syntax "username:password@host.com" will also not be supported in URLs for XMLHTTP.
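
For triage of links in mail or proxy logs, the following added example (not Microsoft's or SecurityTracker's code) flags HTTP and HTTPS URLs that still use the userinfo syntax this update stops supporting, and reports the host the request would actually reach. The function names and the sample URLs are assumptions constructed for illustration.

```javascript
// Schemes for which the update described above drops userinfo support.
const AFFECTED = new Set(['http:', 'https:']);
// Userinfo that itself looks like a DNS name is the misleading case:
// a reader sees a familiar name before the "@" while the real host follows it.
const HOSTLIKE = /^[a-z0-9-]+(\.[a-z0-9-]+)+$/i;

// Classify one URL string; returns null when it is not an absolute URL.
function inspectUrl(raw) {
  let u;
  try {
    u = new URL(String(raw).trim());
  } catch (err) {
    return null; // relative or malformed: nothing to classify
  }
  const hasUserinfo = u.username !== '' || u.password !== '';
  return {
    scheme: u.protocol,
    host: u.hostname, // where the request really goes
    userinfo: hasUserinfo ? u.username : '',
    rejected: hasUserinfo && AFFECTED.has(u.protocol),
    hostLookalike: hasUserinfo && HOSTLIKE.test(u.username),
  };
}

// Keep only the URLs a patched browser would refuse to load.
function flagged(urls) {
  return urls.map(inspectUrl).filter((r) => r !== null && r.rejected);
}

// Constructed sample input (documentation addresses and reserved names).
const SAMPLE = [
  'http://www.example.com@192.0.2.10/login.html',       // name-like userinfo
  'https://alice:secret@intranet.example/resource.ext', // embedded credentials
  'ftp://user:pw@files.example/pub',                    // not HTTP(S)
  'https://server.example/a?next=user@host',            // "@" in query only
  'resource.ext',                                       // not an absolute URL
];

for (const r of flagged(SAMPLE)) {
  const note = r.hostLookalike ? ' (userinfo looks like a host name)' : '';
  console.log(`${r.host} <- userinfo "${r.userinfo}"${note}`);
}
```
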

Vendor URL:  www.microsoft.com/technet/security/bulletin/MS04-004.asp
Cause:  Access control error, Input validation error
Underlying OS:  Windows (NT), Windows (2000), Windows (2003), Windows (XP)
Underlying OS Comments:  Windows NT, 2000, 2003, and XP

Message History:   None.


 Source Message Contents

Date:  Mon, 02 Feb 2004 16:24:25 -0500
Subject:  http://www.microsoft.com/technet/security/bulletin/MS04-004.asp

 

http://www.microsoft.com/technet/security/bulletin/MS04-004.asp

 > Microsoft Security Bulletin MS04-004
 > Cumulative Security Update for Internet Explorer (832894)

 > Impact of vulnerability: Remote Code Execution

 > Maximum Severity Rating: Critical

This update replaces the cumulative update described in Microsoft Security Bulletin MS03-048.

This update affects Windows NT, 2000, 2003, and XP.

This update addresses three newly-discovered vulnerabilities:

   * Travel Log Cross Domain Vulnerability CAN-2003-1026
   * Function Pointer Drag and Drop Vulnerability CAN-2003-1027
   * Improper URL Canonicalization Vulnerability CAN-2003-1025


CAN-2003-1026: Travel Log Cross Domain Vulnerability Could Allow Remote Code Execution

A vulnerability was reported in the processing of the "travel log" (used by the History 
tab) that allows cross-site scripting attacks.  A remote user can reportedly inject 
specially crafted scripting code so that when a target user loads an affected URL from the 
travel log, arbitrary scripting code will be executed.  The code will run in the security 
context of the target user.  A remote user can cause an executable on the target user's 
system to run.

Microsoft credits Andreas Sandblad for reporting this vulnerability.



CAN-2003-1027: Function Pointer Drag and Drop Operation Vulnerability Could Allow 
Arbitrary Code to be Saved on User's System

It is reported that a remote user can create HTML that will invoke a drag and drop event 
in Internet Explorer to save a file on the target user's system when the target user 
clicks on a specially crafted link.

CAN-2003-1025: Improper URL Canonicalization Vulnerability Could Allow Attacker to Spoof 
Websites

Microsoft confirmed the previously disclosed address bar vulnerability.

As previously reported by Microsoft, this update removes support for handling user names 
and passwords in HTTP and HTTP with Secure Sockets Layer (SSL) or HTTPS URLs in Microsoft 
Internet Explorer. The following URL syntax will no longer be supported in Internet 
Explorer or Windows Explorer:

         http(s)://username:password@server/resource.ext

More information about this is available in Microsoft Knowledge Base article 834489.

Microsoft adds that the syntax "username:password@host.com" will also not be supported in 
URLs for XMLHTTP.


---

IE 5.01, 5.5, and 6 are affected.  The following updates are available:

Internet Explorer 6 Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?FamilyId=70530968-B59A-47C0-90D3-0C884910BC97&displaylang=en

Internet Explorer 6 Service Pack 1 (64-Bit Edition):

http://www.microsoft.com/downloads/details.aspx?FamilyId=326EFFDA-8D86-4683-BC77-9BF410BC620D&displaylang=en

Internet Explorer 6 for Windows Server 2003:

http://www.microsoft.com/downloads/details.aspx?FamilyId=D78AE4F7-8852-4A04-B8F6-1DE327E598F0&displaylang=en

Internet Explorer 6 for Windows Server 2003 (64-Bit Edition):

http://www.microsoft.com/downloads/details.aspx?FamilyId=6A7894F0-789F-4152-9AE4-8DCB43404149&displaylang=en

Internet Explorer 6:

http://www.microsoft.com/downloads/details.aspx?FamilyId=BE0C18BC-7F9A-4196-BFDE-29EBA8CF7A50&displaylang=en

Internet Explorer 5.5 Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?FamilyId=EFFE87F6-7ACA-4A54-B767-5597DDE95C6F&displaylang=en

Internet Explorer 5.01 Service Pack 4:

http://www.microsoft.com/downloads/details.aspx?FamilyId=F5E74139-6E0E-49FD-9AA2-36D2D8454A92&displaylang=en

Internet Explorer 5.01 Service Pack 3:

http://www.microsoft.com/downloads/details.aspx?FamilyId=202D3AAC-6B56-4F4A-8C0F-4183C77B6B51&displaylang=en

Internet Explorer 5.01 Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?FamilyId=17904608-DCEE-4C99-A780-81D6DBC48DD5&displaylang=en

Microsoft reminds customers that this cumulative update (as in the previous cumulative updates) will cause the window.showHelp( ) control to no longer work unless you have applied the HTML Help update. See Microsoft Knowledge Base article 811630 for more information.

The Internet Explorer 6 Service Pack 1 (SP1) version of this update must be installed on Internet Explorer 6 SP1 (version 6.00.2800.1106) on one of the following versions of Windows:

   * Microsoft Windows NT Workstation 4.0 Service Pack 6a
   * Microsoft Windows NT Server 4.0 Service Pack 6a
   * Microsoft Windows NT Server 4.0 Terminal Server Edition, Service Pack 6
   * Microsoft Windows 2000 Service Pack 2, Service Pack 3, Service Pack 4
   * Microsoft Windows XP
   * Microsoft Windows XP Service Pack 1
   * Microsoft Windows XP 64-Bit Edition, Service Pack 1

The Internet Explorer 6 for Windows Server 2003 version of this update must be installed on Internet Explorer 6 (version 6.00.3790.0000) on Windows Server 2003 (32-bit or 64-bit) or on Internet Explorer 6 (version 6.00.3790.0000) on Windows XP 64-Bit Edition, Version 2003.

The Internet Explorer 6 version of this update must be installed on Internet Explorer 6 (version 6.00.2600.0000) on a 32-bit version of Windows XP.

The Internet Explorer 5.5 version of this update must be installed on Internet Explorer 5.5 Service Pack 2 (version 5.50.4807.2300) on Microsoft Windows Millennium Edition.

The Internet Explorer 5.01 version of this update must be installed on one of the following:

   * Internet Explorer 5.01 Service Pack 4 (version 5.00.3700.1000) on Windows 2000 SP4
   * Internet Explorer 5.01 Service Pack 3 (version 5.00.3502.1000) on Windows 2000 SP3
   * Internet Explorer 5.01 Service Pack 2 (version 5.00.3315.1000) on Windows 2000 SP2

This update requires you to reboot your system after installation.



Copyright 2004, SecurityGlobal.net LLC