SecurityTracker.com

SecurityTracker
Archives


 


Category:   Application (Web Browser)  >   Microsoft Internet Explorer
Vendors:   Microsoft
(Vendor Issues Fix) Microsoft Internet Explorer Various Cross-Domain Flaws Permit Remote Scripting in Arbitrary Domains
SecurityTracker Alert ID:  1009198
SecurityTracker URL:  http://securitytracker.com/id/1009198
CVE Reference:   CVE-2003-0814, CVE-2003-0815, CVE-2003-0816
Date:  Feb 25 2004
Impact:   Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of system information, Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 5.01, 5.5, 6, 6 SP1
Description:   Several cross-domain scripting vulnerabilities were reported in Microsoft Internet Explorer (IE). A remote user can cause arbitrary scripting to be executed in an arbitrary security domain.

Liu Die Yu reported multiple vulnerabilities in IE. A remote user can create HTML that, when loaded by the target user, will cause scripting code to be executed in a different domain (such as the Local Computer domain). The scripting code can access information related to the domain, potentially including cookies, files, and system commands.

Demonstration exploit examples are available at:

http://umbrella.mx.tc/
http://www.safecenter.net/liudieyu/

Impact:   A remote user can create HTML that will cause arbitrary scripting code to be executed in an arbitrary security domain on the target user's system when the target user loads the HTML.
Solution:   [Editor's note: On February 2, 2004, Microsoft issued MS04-004, which supersedes MS03-048. See the Message History for information on MS04-004.]

Microsoft has issued the following fixes as part of MS03-048:

Internet Explorer 6 Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?FamilyId=9D8543E9-0E2B-46C9-B6C6-12DE03860465&displaylang=en

Internet Explorer 6 Service Pack 1 (64-Bit Edition):

http://www.microsoft.com/downloads/details.aspx?FamilyId=35F99CF5-3629-4E0E-BF60-24845D2D20C9&displaylang=en

Internet Explorer 6 Service Pack 1 for Windows Server 2003:

http://www.microsoft.com/downloads/details.aspx?FamilyId=7D0D02DD-8940-48E0-B163-3FCDCB558F21&displaylang=en

Internet Explorer 6 Service Pack 1 for Windows Server 2003 (64-Bit Edition):

http://www.microsoft.com/downloads/details.aspx?FamilyId=8BEFA1EC-0C48-4B65-989D-58B0CE1E6F95&displaylang=en

Internet Explorer 6:

http://www.microsoft.com/downloads/details.aspx?FamilyId=4C4D22F0-FBF7-4EA6-9CC2-27D104D4198E&displaylang=en

Internet Explorer 5.5 Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?FamilyId=E438AFD4-DF70-448C-8925-1075C8BE6C5E&displaylang=en

Internet Explorer 5.01 Service Pack 4:

http://www.microsoft.com/downloads/details.aspx?FamilyId=C15E2DB3-14E2-43A4-A1A1-676374B66517&displaylang=en

Internet Explorer 5.01 Service Pack 3:

http://www.microsoft.com/downloads/details.aspx?FamilyId=F4853D8F-F66C-4D8A-9979-3B4F540F90A8&displaylang=en

Internet Explorer 5.01 Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?FamilyId=221616D4-5893-4DA4-A223-B0DE548D6D83&displaylang=en


This cumulative update replaces the cumulative update that was described in MS03-040.

This update also sets the kill bit on some ActiveX controls, including the Windows Trouble Shooter (Tshoot.ocx), the Symantec RuFSI Registry Information Class (Rufsi.dll), and the RAV Online Scanner (Ravonine.cab). See the advisory for the CLSID numbers.

See the Microsoft advisory for a list of workarounds and a description of installation options:

http://www.microsoft.com/technet/security/bulletin/MS03-048.asp

Vendor URL:  www.microsoft.com/technet/security/bulletin/MS03-048.asp
Cause:   Access control error, State error
Underlying OS:  Windows (Any)

Message History:   This archive entry is a follow-up to the message listed below.
Sep 12 2003 Microsoft Internet Explorer Various Cross-Domain Flaws Permit Remote Scripting in Arbitrary Domains



 Source Message Contents

Subject:  MS03-048


http://www.microsoft.com/technet/security/bulletin/MS03-048.asp

Microsoft Security Bulletin MS03-048

Cumulative Security Update for Internet Explorer (824145)

Issued: November 11, 2003
Version: 1.0

Impact of Vulnerability: Remote Code Execution

Maximum Severity Rating: Critical

CVE: CAN-2003-0814, CAN-2003-0815, CAN-2003-0816, CAN-2003-0817, CAN-2003-0823

Affected Versions:

              * Internet Explorer 6 Service Pack 1
              * Internet Explorer 6 Service Pack 1 (64-Bit Edition)
              * Internet Explorer 6 Service Pack 1 for Windows Server 2003
              * Internet Explorer 6 Service Pack 1 for Windows Server 2003 (64-Bit Edition)
              * Internet Explorer 6
              * Internet Explorer 5.5 Service Pack 2
              * Internet Explorer 5.01 Service Pack 4
              * Internet Explorer 5.01 Service Pack 3
              * Internet Explorer 5.01 Service Pack 2


Affected Operating Systems:

              * Microsoft Windows 98
              * Microsoft Windows 98 Second Edition
              * Microsoft Windows Millennium Edition
              * Microsoft Windows NT Server 4.0 Service Pack 6a
              * Microsoft Windows NT Server 4.0 Terminal Server Edition, Service Pack 6
              * Microsoft Windows 2000 Service Pack 2, Service Pack 3, Service Pack 4
              * Microsoft Windows XP, Microsoft Windows XP Service Pack 1
              * Microsoft Windows XP 64-Bit Edition
              * Microsoft Windows XP 64-Bit Edition Version 2003
              * Microsoft Windows Server 2003, 64-Bit Edition


Microsoft issued a cumulative security update for Internet Explorer 5.01, 5.5, and 6.0.
The advisory included five new vulnerabilities:

              * ExecCommand Cross Domain Vulnerability: CAN-2003-0814
              * Function Pointer Override Cross Domain Vulnerability: CAN-2003-0815
              * Script URLs Cross Domain Vulnerability: CAN-2003-0816
              * XML Object Vulnerability: CAN-2003-0817
              * Drag-and-Drop Operation Vulnerability: CAN-2003-0823


Microsoft has issued the following fixes:

Internet Explorer 6 Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?FamilyId=9D8543E9-0E2B-46C9-B6C6-12DE03860465&displaylang=en

Internet Explorer 6 Service Pack 1 (64-Bit Edition):

http://www.microsoft.com/downloads/details.aspx?FamilyId=35F99CF5-3629-4E0E-BF60-24845D2D20C9&displaylang=en

Internet Explorer 6 Service Pack 1 for Windows Server 2003:

http://www.microsoft.com/downloads/details.aspx?FamilyId=7D0D02DD-8940-48E0-B163-3FCDCB558F21&displaylang=en

Internet Explorer 6 Service Pack 1 for Windows Server 2003 (64-Bit Edition):

http://www.microsoft.com/downloads/details.aspx?FamilyId=8BEFA1EC-0C48-4B65-989D-58B0CE1E6F95&displaylang=en

Internet Explorer 6:

http://www.microsoft.com/downloads/details.aspx?FamilyId=4C4D22F0-FBF7-4EA6-9CC2-27D104D4198E&displaylang=en

Internet Explorer 5.5 Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?FamilyId=E438AFD4-DF70-448C-8925-1075C8BE6C5E&displaylang=en

Internet Explorer 5.01 Service Pack 4:

http://www.microsoft.com/downloads/details.aspx?FamilyId=C15E2DB3-14E2-43A4-A1A1-676374B66517&displaylang=en

Internet Explorer 5.01 Service Pack 3:

http://www.microsoft.com/downloads/details.aspx?FamilyId=F4853D8F-F66C-4D8A-9979-3B4F540F90A8&displaylang=en

Internet Explorer 5.01 Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?FamilyId=221616D4-5893-4DA4-A223-B0DE548D6D83&displaylang=en


This cumulative update replaces the cumulative update that was described in MS03-040.

This update also sets the kill bit on some ActiveX controls, including the Windows
Trouble Shooter (Tshoot.ocx), the Symantec RuFSI Registry Information Class (Rufsi.dll),
and the RAV Online Scanner (Ravonine.cab).  See the advisory for the CLSID numbers.

See the Microsoft advisory for a list of workarounds and a description of installation
options:

http://www.microsoft.com/technet/security/bulletin/MS03-048.asp


 
 

