Cumulative Patch for Internet Explorer

Discussion in 'other security issues & news' started by discogail, Jun 4, 2003.

Thread Status:
Not open for further replies.
  1. discogail

    discogail Security Expert

    Joined:
    Feb 9, 2002
    Posts:
    151
    Title: Cumulative Patch for Internet Explorer (818529)
    Date: 04 June 2003
    Software: Microsoft(r) Microsoft Internet Explorer(r) 5.01
    Microsoft Internet Explorer 5.5
    Microsoft Internet Explorer 6.0
    Microsoft Internet Explorer 6.0 for Windows Server 2003
    Impact: Allow an attacker to execute code of their choice
    Max Risk: Critical
    Bulletin: MS03-020

    Microsoft encourages customers to review the Security Bulletins at:
    http://www.microsoft.com/technet/security/bulletin/MS03-020.asp
    http://www.microsoft.com/security/security_bulletins/ms03-020.asp
    - - ------------------------------------------------------------------

    Issue:
    ======
    This is a cumulative patch that includes the functionality of all
    previously released patches for Internet Explorer 5.01, 5.5 and 6.0.
    In addition, it eliminates two newly discovered vulnerabilities:


    - A buffer overrun vulnerability that occurs because Internet
    Explorer does not properly determine an object type returned from a
    web server. It could be possible for an attacker who exploited this
    vulnerability to run arbitrary code on a user's system. If a user
    visited an attacker's website, it would be possible for the attacker
    to exploit this vulnerability without any other user action. An
    attacker could also craft an HTML email that attempted to exploit
    this vulnerability.

    - A flaw that results because Internet Explorer does not implement
    an appropriate block on a file download dialog box. It could be
    possible for an attacker to exploit this vulnerability to run
    arbitrary code on a user's system. If a user simply visited an
    attacker's website, it would be possible for the attacker to exploit
    this vulnerability without any other user action. An attacker could
    also craft an HTML email that attempted to exploit this
    vulnerability.

    In order to exploit these flaws, the attacker would have to create a
    specially formed HTML email and send it to the user. Alternatively
    an attacker would have to host a malicious web site that contained a
    web page designed to exploit these vulnerabilities. The attacker
    would then have to persuade a user to visit that site.

    As with the previous Internet Explorer cumulative patches released
    with bulletins MS03-004 and MS03-015, this cumulative patch will
    cause window.showHelp( ) to cease to function if you have not
    applied the HTML Help update. If you have installed the updated HTML
    Help control from Knowledge Base article 811630, you will still be
    able to use HTML Help functionality after applying this patch.

    Mitigating factors:
    ====================
    The following mitigating factors apply to both vulnerabilities
    discussed in this bulletin:


    - By default, Internet Explorer on Windows Server 2003 runs in
    Enhanced Security Configuration. This default configuration of
    Internet Explorer blocks these attacks. If Internet Explorer
    Enhanced Security Configuration has been disabled, the protections
    put in place that prevent these vulnerabilities from being exploited
    would be removed.
    - In the Web based attack scenario, the attacker would have to host
    a web site that contained a web page used to exploit these
    vulnerabilities. An attacker would have no way to force users to
    visit a malicious web site outside of the HTML email vector.
    Instead, the attacker would need to lure them there, typically by
    getting them to click on a link that would take them to the
    attacker's site.
    - Code that executed on the system would only run under the
    privileges of the logged in user.

    Risk Rating:
    ============
    Critical

    Patch Availability:
    ===================
    - A patch is available to fix this vulnerability. Please read the
    Security Bulletins at

    http://www.microsoft.com/technet/security/bulletin/ms03-020.asp
    http://www.microsoft.com/security/security_bulletins/ms03-020.asp

    for information on obtaining this patch.

    Acknowledgment:
    ===============
    - eEye Digital Security (http://www.eeye.com/)
     
Loading...
Thread Status:
Not open for further replies.