ALERT: Internet Explorer Vulnerability

Discussion in 'other security issues & news' started by Paul Wilders, Sep 8, 2003.

Thread Status:
Not open for further replies.
  1. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    Oh well, Java is almost as dangerous as ActiveX. Well, less so IMHO, obviously because of the way it works, but still quite dangerous.
     
  2. Joe Wood

    Joe Wood Registered Member

    Joined:
    Sep 27, 2003
    Posts:
    26
    Location:
    San Diego
    OK! I've disabled ActiveX. I visit three sites regularly, and have put all three in the Trusted zone. On one of them, jlconline.com, a forum site, I keep getting that warning when I switch between forums, and sometimes between posts. Do I have to live with this, or is there something else I can do??
     
  3. Rickster

    Rickster Guest

    Hi. You shouldn't. When you go to your security settings again you'll see four zones > Internet, Local Internet, Trusted sites and Restricted sites, click on Trusted sites, then Advanced and set those to enable active x, etc. then click OK. If the web address is properly entered into the trusted zone, those specific settings will apply when you visit that site - hence, no prompts. For instance, I don't want to hassle with changing my internet settings to get MS updates, so the update site is in my trusted zone where everything is enabled. Later, Rick
     
  4. Rickster

    Rickster Guest

    Sorry Joe, I meant click "Custom Level" not Advanced. To the right of the Trusted Sites logo, you'll see a button that says, "Sites" click that to add the web address.

    If you have difficulty finding the site's specific address, go to the page or site you desire, right click your mouse, select "Properties" and the site's address will appear in the information. Simply highlight the address, copy and then paste it into that zone. Hope this helps. Rick
     
  5. AplusWebMaster

    AplusWebMaster Registered Member

    Joined:
    Jun 14, 2003
    Posts:
    239
    Location:
    Philadelphia, PA, USA
    o_O Unpatchable IE vulnerability 'in the wild'
    http://www.silicon.com/news/500013/14/6192.html
    29 September 2003
    "...Security experts have warned that a vulnerability that has apparently been left un-patched by Microsoft is being exploited by attackers "in the wild".
    - The 'object type' vulnerability, which was first acknowledged publicly by Microsoft on 20 August this year, allows an attacker to take control of a system by embedding malicious code in a web page. If the web page is viewed by an Internet Explorer browser - even a fully patched browser - the malicious code embedded in the web page will execute, experts say. Despite Microsoft acknowledging the patch doesn't work, it evidently has not yet issued a working fix for the vulnerability...
    - Managing director of mail filtering software company Clearswift, Chy Chuawiwat, told ZDNet Australia the vulnerability is serious. "It's definitely there and it continues to be easy to exploit," he said. "It could run anything and the users wouldn't know." Chuawiwat suggests users disable ActiveX controls and plug-ins until Microsoft issues a patch that fixes the vulnerability. "For most enterprises there's no need for ActiveX so it should be disabled," he said. "Our standard policy would remove executables including ActiveX."
    - Users can disable ActiveX controls in their Internet Explorer settings by clicking Tools, Internet Options, Security, and then modifying the settings for the 'Internet Zone'. Ironically, in order to patch the system through Microsoft's WindowsUpdate website when a fix becomes available, users must allow ActiveX controls and plug-ins to run in the Internet Zone."
     
  6. AplusWebMaster

    AplusWebMaster Registered Member

    Joined:
    Jun 14, 2003
    Posts:
    239
    Location:
    Philadelphia, PA, USA
    :eek:
    CERT® Incident Note IN-2003-04
    - Exploitation of Internet Explorer Vulnerability

    October 1, 2003
    http://www.cert.org/incident_notes/IN-2003-04.html
    "...Attacks include the installation of tools for launching distributed denial-of-service (DDoS) attacks and the use of the victim system's modem to dial pay-per-minute services thereby incurring significant expense to users. By convincing a user running a vulnerable version of Microsoft Internet Explorer (IE) to view an HTML document (e.g., a web page or HTML email), a remote attacker could execute arbitrary code with the privileges of the user...
    - The vulnerability...exists due to an interaction between IE's MIME type processing and the way it handles HTML application (HTA) files embedded in OBJECT tags. When an HTA file is referenced by the DATA attribute of an OBJECT element, and the web server returns the Content-Type header set to application/hta, IE may execute the HTA file directly, without user intervention..."
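
Added example, not part of the CERT note or of any post in this thread: a small detection check for the condition the note describes, an OBJECT element whose DATA URL was answered with Content-Type application/hta. The function names, the example.* URLs and the idea of feeding it a proxy log's URL-to-Content-Type map are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin

HTA_TYPE = "application/hta"

class ObjectDataCollector(HTMLParser):
    """Collect the DATA attribute of every OBJECT element in a page."""
    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.data_urls = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names for us.
        if tag == "object":
            data = dict(attrs).get("data")
            if data:
                self.data_urls.append(urljoin(self.base_url, data.strip()))

def media_type(header_value):
    """Normalise a Content-Type header: drop parameters, lower-case."""
    return (header_value or "").split(";", 1)[0].strip().lower()

def flag_hta_objects(page_url, html, responses):
    """Return OBJECT DATA URLs whose recorded response was served as HTA.

    `responses` maps URL -> Content-Type header as logged by a proxy
    (hypothetical input). The file extension is ignored on purpose: the
    note says the server-supplied Content-Type is what triggers the issue.
    """
    collector = ObjectDataCollector(page_url)
    collector.feed(html)
    return [u for u in collector.data_urls
            if media_type(responses.get(u)) == HTA_TYPE]

# Constructed sample input (not real traffic).
SAMPLE_PAGE_URL = "http://forum.example/thread/42"
SAMPLE_HTML = """
<OBJECT DATA="/media/banner"></OBJECT>
<object data="http://cdn.example/clip.swf"></object>
<object classid="clsid:00000000-0000-0000-0000-000000000000"></object>
"""
SAMPLE_RESPONSES = {
    "http://forum.example/media/banner": "Application/HTA; charset=utf-8",
    "http://cdn.example/clip.swf": "application/x-shockwave-flash",
}

if __name__ == "__main__":
    for url in flag_hta_objects(SAMPLE_PAGE_URL, SAMPLE_HTML, SAMPLE_RESPONSES):
        print("OBJECT DATA served as application/hta:", url)
```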
     
  7. Joe Wood

    Joe Wood Registered Member

    Joined:
    Sep 27, 2003
    Posts:
    26
    Location:
    San Diego
    Are you all trying to scare me about ActiveX? I'm paranoid enough, being a fairly new computerer! Everyone I ask doesn't know much about this, as if it's not a big deal.

    How many people are being attacked right now ?

    I disabled it for the last few days, but decided to enable it again because of warnings I was getting at www.jlconline.com/ .

    Say, can we meet at the middle, and only disable a few of those ActX settings ??

    Isn't my Norton Internet, and router/firewall, blocking whatever might come thru?
     
  8. AplusWebMaster

    AplusWebMaster Registered Member

    Joined:
    Jun 14, 2003
    Posts:
    239
    Location:
    Philadelphia, PA, USA
    ;) - I don't believe -anyone- here is trying to "scare" anybody. The purpose is only to advise of a potential for catastrophic failure either on the user's PC or network since they may be exposed to the vulnerability.
    o_O That is an "unknown" difficult for anyone to quantify - any suggestions?
    - You'll have to ask those who are exploiting others - but until MS comes up with a fix/patch, the good advice is to -disable ActiveX in IE, -or- obtain/use another browser that is not affected by this vuln.
    :eek: - No, because you've already granted "de facto" access to your PC through the firewall by the browser...
     
  9. AplusWebMaster

    AplusWebMaster Registered Member

    Joined:
    Jun 14, 2003
    Posts:
    239
    Location:
    Philadelphia, PA, USA
    ;) See this thread...!!!

    Cumulative Patch for Internet Explorer (828750)
    Originally posted: October 3, 2003


    (You can bet many tests will take place today - overtime, folks!)
     
    Last edited by a moderator: Apr 11, 2004
  10. Joe Wood

    Joe Wood Registered Member

    Joined:
    Sep 27, 2003
    Posts:
    26
    Location:
    San Diego
    OK, I went and installed those two new updates, and, I went and read that thread (which I really didn't understand). Now, what is this about a Test ??

    Are these updates addressing the ActiveX issue ?
     
  11. VikingStorm

    VikingStorm Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    387
    The update seems to have problems installing for some reason. When I update through windowsupdate, it lists it as IE6 SP1, installs it, and says it was successful. However, when I return, it says it's not updated! If I download the patch for SP1 manually, it says I don't have SP1. If I try to reinstall IE6 SP1, it says I have a newer version than the installer has available. Is this purely screwed up? (I used HTAStop since the last time, does it mean I'm safe?)

    Don't I have SP1 installed? (last time I had to use the manual 6.0 patch which was the botched patch anyways, but introduced the random broken images problem again, ironically, the non-working SP1 Oct. Patch that doesn't install all the way actually fixed the broken image problem)
     


  12. AplusWebMaster

    AplusWebMaster Registered Member

    Joined:
    Jun 14, 2003
    Posts:
    239
    Location:
    Philadelphia, PA, USA
    o_O Uncertain as to "why" the patch install failed...

    But the WindowsUpdate site -requires- "Active X" be -enabled-...so if HTAStop was used, that very effectively -disables- "Active X"...hmmm...
     
  13. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium - Liège
    Hello,

    HTAStop doesn't disable ActiveX ;) It just disables mshta.exe

    First, open regedit and see whether you have this key:
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{96543d59-497a-4801-a1f3-5936aacaf7b1}]
    @="Q828750"
    "IsInstalled"=dword:00000001
    "Version"="6,0,2800,1264"
    "ComponentID"="Q828750"

    If yes, it's an error in WU and you should add this Entry in your Registry :
    Name KB828750
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\KB828750]
    @="Preventing reinstall KB828750"

    CAUTION ! : don't add this key if you don't have the entry above.

    Rgds,
     
    Last edited by a moderator: Apr 11, 2004
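
Added example, not part of JacK's post: the check described above applied to a regedit export instead of by eye, so the Uninstall marker is only suggested when the Active Setup entry is really there. It assumes the input is the text of a regedit export and that the default value plus IsInstalled=1 are what mark the patch as present; the function names and status strings are made up for illustration.

```python
import re

# Key names copied from the post above; registry key names are case-insensitive.
ACTIVE_SETUP = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup"
                r"\Installed Components\{96543d59-497a-4801-a1f3-5936aacaf7b1}")
UNINSTALL = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows"
             r"\CurrentVersion\Uninstall\KB828750")
VALUE_RE = re.compile(r'^(?:@|"(?P<name>[^"]*)")=(?P<data>.*)$')

def parse_reg_export(text):
    """Parse regedit export text into {key: {value_name: data}}, lower-cased."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        m = VALUE_RE.match(line)
        if current is None or not m:
            continue  # header line, blank line or unsupported value type
        name = (m.group("name") or "@").lower()  # "@" is the default value
        data = m.group("data")
        if data.lower().startswith("dword:"):
            current[name] = int(data[6:], 16)
        else:
            current[name] = data.strip('"')
    return keys

def kb828750_status(export_text):
    """Apply the post's rule to an export and say what, if anything, to do."""
    keys = parse_reg_export(export_text)
    comp = keys.get(ACTIVE_SETUP.lower(), {})
    # Assumption: default value and IsInstalled=1 mark the patch as present.
    if comp.get("@") != "Q828750" or comp.get("isinstalled") != 1:
        return "not-recorded"      # the post's caution: do not add the marker
    if UNINSTALL.lower() in keys:
        return "consistent"        # marker already there, nothing to add
    return "add-uninstall-marker"  # the Windows Update mismatch described above

# Constructed sample export (values taken from the post, not a real machine).
SAMPLE_EXPORT = "\n".join([
    "Windows Registry Editor Version 5.00",
    "",
    "[" + ACTIVE_SETUP + "]",
    '@="Q828750"',
    '"IsInstalled"=dword:00000001',
    '"Version"="6,0,2800,1264"',
])

if __name__ == "__main__":
    print(kb828750_status(SAMPLE_EXPORT))
```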
  14. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,934
    Location:
    SW. Oklahoma
    I tried to take the test but my McAfee virus scan kept stopping the script from loading. I don't know if I passed or not o_O no other page ever loaded
     
  15. FukenFooser 007.5

    FukenFooser 007.5 Registered Member

    Joined:
    Sep 28, 2003
    Posts:
    118
    Location:
    High Mnt West. Idaho
    o_O

    "Just another reason to be very careful using ActiveX, consider an IE replacement and a safe email "

    Quote from Paul (no, I don't know how you techs do the quotes).

    Just wondering what you would recommend as a sub for it??

    Thanks for all the advice and help "Wilders" is giving the world!!

    :cool:
     
  16. Whynot

    Whynot Registered Member

    Joined:
    Feb 8, 2004
    Posts:
    50
    HI,
    I hope this is in the correct forum. I've just received notification of the latest vulnerabilities in Windows and IE. Now, from past experience, some of these patches can cause other (un)related problems. My question is - if users are using properly(?) configured firewalls, AV software, Trojan Scanners and possibly PG, does that obviate the need to patch immediately?
     
  17. ShotgunGirl

    ShotgunGirl Guest

    Just a comment from a newbie. Just took the little test. Hee hee, the firewall stopped it cold. Yes sir, the firewall. After peeking at the test it's certain that my "other" security would have prevented it executing.
    Didn't read the entire thread here but what was read never mentioned a firewall. Oh, actX is wide open on this OS. Using IE
     
  18. ShotgunGirl

    ShotgunGirl Guest

    TCP Connection to {websrv.secunia.com} [213.1:80] was blocked {ip address clipped out}


    "internet explorer cannot open the internet site {http://secunia.com/ms03-032/test_object/test.html}"
     
  19. Rita

    Rita Infrequent Poster

    Joined:
    Jun 28, 2004
    Posts:
    6,863
    Location:
    wilds of wv
    Hi Paul
    I did the test and sure enough Secunia was loaded on to the other page. What does this mean, and do I need to do something to fix it? I am only learning about computers and all the security stuff, therefore I only understand half of what I read, but guess I will learn sometime. Hope this is not too dumb a question, but I can only learn thru asking questions.
    thank you
    Rita :oops:
     
  20. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
  21. iceni60

    iceni60 ( ^o^)

    Joined:
    Jun 29, 2004
    Posts:
    5,116
    here's the screenshot...
     
