IE Frame Injection Vulnerability

Discussion in 'other security issues & news' started by NeonWizard, Jun 30, 2004.

Thread Status:
Not open for further replies.
  1. NeonWizard

    NeonWizard Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    64
    Location:
    Vancouver,Canada
    Secunia Advisory: SA11966
    Release Date: 2004-06-30

    Moderately critical
    Impact: Spoofing
    Where: From remote


    Software: Microsoft Internet Explorer 5.01
    Microsoft Internet Explorer 5.5
    Microsoft Internet Explorer 6

    Description:
    http-equiv has discovered a 6 year old vulnerability in Microsoft Internet Explorer, allowing malicious people to spoof the content of websites.

    The problem is that Internet Explorer fails to stop a malicious website from loading arbitrary content in an arbitrary frame in another browser window. An example has been posted, which shows arbitrary content in a frame on windowsupdate.microsoft.com.

    Solution:
    Do not visit or follow links from untrusted websites.

    Use another browser.

    Read Security Bulletin

    Just another reason people need to get rid of IE. What is it now? 3 unpatched vulnerabilities?
     
  2. Pigman

    Pigman Registered Member

    Joined:
    May 15, 2004
    Posts:
    381
    Chalk up yet another vulnerability for IE. :p
     
  3. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    I am so glad that Microsoft started the Trustworthy Computing initiative, some two years ago, or there would have been some real problems with their products.


    O nooooo, I forgot the [sarcastic mode] tags
     
  4. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,751
    Location:
    Texas
    Good to look at other "stuff" too just to keep it in balance.


    Secunia
     
  5. Hightop

    Hightop Guest

    Would it be possible to secure IE (from these flaws and others) by disabling activex, java, and setting the browser to the highest possible security settings?
     
  6. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,751
    Location:
    Texas

    Not right now. You could try Firefox, Mozilla, Opera, or others in the meantime.

    Microsoft is supposed to be "working on it".
     
  7. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Contrary to what you may have read....setting IE's Internet Zone to High setting (which disables Active Script and ActiveX)....will positively secure you from "these flaws and others"

    If and when you read about the reported vulnerabilities in IE....almost ALL of them will have a Solution remark. It will recommend disabling active script. Even tho disabling active script for most users can be a pain in the rear....it's factual that IF users would disable active script IE would be secure from "these flaws and others"
     
  8. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,751
    Location:
    Texas

    If you set all the settings to high, you will have to get Windows Update manually for instance, or change your settings every time.

    You are correct in what you say although the act of changing all those settings can be more than some can do.

    Since most of the exploits are aimed at IE, I would recommend another browser until the air clears.
     
  9. dog

    dog Guest

    You could add M$ update to your Trusted sites list ... and set that zone accordingly.

    Unfortunately, all internet users are going to have to learn about "security" ... SP2 will go a long way to contributing to that ... M$ support is gearing up for the expected onslaught ... which is I think the real reason for its delay. ;)

    But switching gears to another browser ... is a must anyway ... never put all your eggs in one basket ... IE having the same system rights as the OS ... is a good enough reason IMHO to switch. Just like a layered defense. ;)

    dog - *puppy*
     
  10. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,751
    Location:
    Texas
    Correct. :) In the meantime---------- :cool:
     
  11. Pigman

    Pigman Registered Member

    Joined:
    May 15, 2004
    Posts:
    381
    Does anyone here ever wish that MS made it possible to uninstall IE? 'Cause I sure as heck do.
     
  12. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    This link will definitely not help keeping it all in balance. Change the link to "?search=linux and critical", remove the doubles, remove the non kernel related issues and compare that to "?search=windows and critical" to see a different picture. Now there's a balance :rolleyes:

    I never claimed that moving to another platform is enough. You'll have to manage that as well. But moving to any other platform that's running a smaller kernel can help. Why run any program from the kernel? One hole in the program is a hole in the kernel.

    Problem is that I still can hardly see Microsoft making any real progress here. Remember a few months back MS published a new service pack for Office. Thereby introducing new vulnerabilities. How is that possible since they claim building to trustworthy computing principles. And since the installed base is so big, the magnitude of the problem is way bigger.

    O, and I don't believe that the vulnerabilities in Windows are found just because of the installed base and the number of hackers around. The last vulnerabilities have been found by professionals in the field. Checking the closed source version.
    I'm not bashing Microsoft, Microsoft are.
     
  13. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium -Liège
    Hello,

    This vulnerability does not use Active Scripting nor ActiveX.

    I didn't get the hand on the POC but setting in Internet Security Zone "Prompt" for Start programs and files in an IFrame should solve the issue.

    Regards
     
  14. Ronin

    Ronin Guest

    Most of them yes, There are a rare few flaws that cannot be handled by changing settings within the browser though.

    Yes, and I was struck by the CERT advisory on the chm exploit. It said there was no solution (active scripting, activex, java doesn't matter) other than importing some registry patch that cripples it.
     
  15. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium -Liège
    Hello,

    Regarding the Iframe Injection :

    In Internet Security Zone :
    Navigation in under-frames in different domains : Prompt

    You may test here before and after the setting :
    http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/

    Regards
     
  16. Pigman

    Pigman Registered Member

    Joined:
    May 15, 2004
    Posts:
    381
    Please forgive my ungodly n00berness, Meneer, but what the hell is a kernel?
     
  17. dog

    dog Guest

    Hi Jack, ;)

    Nice link ... thanks ... interesting results.

    And the proper fix ... In Internet Security Zone : Navigation in under-frames in different domains : Prompt

    Thanks

    dog - *puppy*
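
Added example (not part of any post in this thread): a PowerShell audit of the zone setting that JacK and dog describe above. It assumes the option is stored as URL action `1607` ("Navigate sub-frames across different domains") under the Internet Settings `Zones\3` registry key, with 0 = Enable, 1 = Prompt, 3 = Disable; the function names are hypothetical.

```powershell
# Added example, not from the thread. Assumption: the "navigate sub-frames
# across different domains" option is URL action 1607 in the zone's registry
# key (zone 3 = Internet). Values: 0 = Enable, 1 = Prompt, 3 = Disable.
$ZoneKey   = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$PolicyKey = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$Meaning   = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-SubframeNavigationSetting {
    param([int]$Zone = 3)
    # Check every place the value can live; administrator policy keys,
    # when present, take priority over the per-user setting.
    $locations = [ordered]@{
        'HKLM policy'  = "HKLM:\$PolicyKey\$Zone"
        'HKCU policy'  = "HKCU:\$PolicyKey\$Zone"
        'HKCU user'    = "HKCU:\$ZoneKey\$Zone"
        'HKLM default' = "HKLM:\$ZoneKey\$Zone"
    }
    foreach ($name in $locations.Keys) {
        $item = Get-ItemProperty -Path $locations[$name] -Name '1607' -ErrorAction SilentlyContinue
        if ($null -eq $item) { continue }   # key or value absent here
        $value = [int]$item.'1607'
        $text  = if ($Meaning.ContainsKey($value)) { $Meaning[$value] } else { 'Unknown' }
        [pscustomobject]@{
            Location = $name
            Value    = $value
            Meaning  = $text
            Hardened = ($value -eq 1 -or $value -eq 3)   # Prompt or Disable
        }
    }
}

function Set-SubframeNavigationPrompt {
    [CmdletBinding(SupportsShouldProcess)]
    param([int]$Zone = 3)
    # Applies the thread's fix (Prompt) to the current user's zone key.
    $path = "HKCU:\$ZoneKey\$Zone"
    if ($PSCmdlet.ShouldProcess($path, 'Set 1607 to 1 (Prompt)')) {
        if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
        Set-ItemProperty -Path $path -Name '1607' -Value 1 -Type DWord
    }
}

# Report the current state, then preview the change without writing it.
Get-SubframeNavigationSetting | Format-Table -AutoSize
Set-SubframeNavigationPrompt -WhatIf
```

Drop `-WhatIf` to write the value; a row with `Hardened = False` under a policy location means the per-user change will not take effect until the policy is changed.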
     
  18. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    :) the kernel is the portion of the operating system that's closest to the processor, it's the basis on which all other components of the system software work.
    Windows is supposed to be built around a microkernel, the kernel software itself is very small. The smaller the kernel, the less chance of faults, bugs and vulnerabilities there are.
    Kernel software also runs in a special 'kernel space' of the processor, 'ring 0'. This is a protected area. Again, the less software is running in this ring 0 the better, because the software that's running in ring 0 is highly privileged and in direct command of the processor.
    Since Windows has lots of processes running in 'kernel mode' lots of processes are in full control. So Internet Explorer is quite powerful. IE plugins (ActiveX, BHO's) are all part of IE, so they are privileged processes too.

    All about kernels
    About ring 0
     