2 More serious IE exploits found

The first one is less serious

http://www.secunia.com/advisories/10523/

Arman Nayyeri has discovered a variant of the older showHelp() zone bypass vulnerability, which works in Internet Explorer with all current patches.

Websites can call the showHelp() function and open locally installed "CHM" files, which are compressed help files. These may contain references to system commands and can execute code with the privileges of the logged in user.

Normally, it isn't a problem that Internet Explorer allows websites to open locally installed "CHM" files as they are considered trusted.

However, other files can be treated as "CHM" files by using a special syntax with a double ":" appended to the file name combined with a directory traversal using the "..//" character sequence.

This can be exploited if a program such as WinAmp, XMLHTTP, ADODB stream or others allow websites to place files in a known location.

An example exploit has been published, which is capable of running arbitrary code on the system if WinAmp is installed in the default location.

The vulnerability has been confirmed in fully patched Internet Explorer 6 with WinAmp 5 installed.

Solution:
Disable active scripting support and enable it only for trusted sites.

Filter HTML pages with references to "showHelp()" using a HTTP proxy or firewall with content filtering capabilities.

Use another product.


The second is a stunner just announced on bugtraq, unfortunately I can't seem to access it now to post the link, but it basically allows another attacker to save and excute any link you click on.

 

This might be the other threat you mentioned   

http://www.vnunet.com/News/1151714
      
WHERE ARE YOU?
Security /Bugs and fixes /News
   
New IE flaw allows easier phishing
By Robert Jaques [23-12-2003]
Scammers can now show identical URLs to real sites, warns security firm

   
   

Millions of Internet Explorer users have been warned of a security vulnerability within the browser that poses a "significant risk".

According to analysts from the X-Force division of security firm ISS, the flaw can allow website addresses or URLs to display incorrectly in the browser's navigation bar, thereby allowing scams that trick users into trusting a bogus website.

The flaw, which ISS says is trivial to exploit, may be triggered when individuals navigate to URLs from within emails or hostile web pages.

Similar vulnerabilities have been used extensively in mass emails, or fake websites designed to replicate the original in an effort to steal personal information from the victim.

"This type of attack has commonly been referred to as 'phishing'. Whereas past phishing attacks used URLs similar to the original, this new vulnerability allows URLs that are identical to the original website," said the X-Force Security Alert.

"This makes it almost impossible for individuals to differentiate between fraudulent sites and legitimate sites."

Affected versions of the browser include Internet Explorer 6.0, 5.5 and 5.01. The complete X-Force advisory can be viewed here.

 

No. The one you point out is pretty well known and is old already,

There's another one a much more serious and recent one that bypasses the download dialog, and automatically executes files, but as of now, the press still isn't reporting and for some reason bugtraq is still down for me ??

 

I have this as exploit #14 in my poll which I updated on 1/4/04:

http://www.wilderssecurity.com/showthread.php?t=11975

more info:

http://www.securityfocus.com/bid/9278/discussion