IE Frame Injection Vulnerability

Secunia Advisory: SA11966
Release Date: 2004-06-30

Moderately critical
Impact: Spoofing
Where: From remote


Software: Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6

Description:
http-equiv has discovered a 6 year old vulnerability in Microsoft Internet Explorer, allowing malicious people to spoof the content of websites.

The problem is that Internet Explorer fails to stop a malicious website from loading arbitrary content in an arbitrary frame in another browser window. An example has been posted, which shows arbitrary content in a frame on windowsupdate.microsoft.com.

Solution:
Do not visit or follow links from untrusted websites.

Use another browser.

Read Security Bulletin

Just another reason people need to get rid of IE. Waht si it now? 3 unpatched vulnerabilities?

 

Chalk up yet another vulnerability for IE.

 

I am so glad that Microsoft started the Trustworthy Computing initiative, some two years ago, or there would have been some real problems with their products.


O nooooo, I forgot the [sarcastic mode] tags

 

Would it be possible to secure IE (from these flaws and others)by disabling activex, java, and setting the browser to the highest possible security settings?

 

Contrary to what you may have read....setting IE's Internet Zone to High setting(which disables Active Script and ActiveX)....will positively secure you from "these flaws and others"

If and when you read about the reported vulnerabilities in IE....almost ALL of them will have a Solution remark. It will recommend disabling active script. Even tho disabling active script for most users can be a pain in the rear....it's factual that IF users would disable active script IE would be secure from "these flaws and others"

 

You could add M$ update to your Trusted sites list ... and set that zone accordingly.

Unfortunately, all internet user's are going to have to learn about "security" ... SP2 will go a long way to contributing to that ... M$ support is gearing up for the expected on slaught ... which is I think the real reason for it's delay.

But switching gears to another browser ... is a must anyway ... never put all your eggs in one basket ... IE having the same system rights as the OS ... is a good enough reason IMHO to switch. Just like a layered defense.

dog -

 

Does anyone here ever wish that MS made it possible to uninstall IE? 'Cause I sure as heck do.

 

This link will definately not help keeping it all in balance. Change the link to "?search=linux and critical", remove the doubles, remove the non kernel related issues and compare that to "?search=windows and critical" to see a different picture. Now there's a balance

I never claimed that moving to another platform is enough. You'll have to manage that as well. But moving to any other platform that's running a smaller kernel can help. Why run any program from the kernel? One hole in the program is a hole in the kernel.

Problem is that I stilll can hardly see Microsoft making any real progress here. Remember a few months back MS published a new service pack for Office. Thereby introducing new vulnerabilities. How is that possible since they claim building to trustworthy computing principles. And since the installed base is so big, the magnitude of the problem is way bigger.

O, and I don't believe that the vulnerabilities in Windows are found just because of the installed base and the number of hackers around. The last vulnerabilities have been found by professionals in the field. Checking the closed source version.
I'm not bashing Microsoft, Microsoft are.

 

Hello,

This vulnerabylity does not use Active Scripting nor ActiveX.

I didn't get the hand on the POC but setting in Internet Security Zone "Prompt" for Start programs and files in a IFrame should solve the issue.

Regards

 

Most of them yes, There are a rare few flaws that cannot be handled by changing settings within the browser though.

Yes, and I was struck by the CERT advisory on the chm exploit. It said there was no solution (active scripting ,activex, java doesn't matter) other than importing some registry patch that cripples it.

 

Hello,

Regarding the Iframe Injection :

In Internet Security Zone :
Navigation in under-frames in different domains : Prompt

You may test here before and after the setting :
http://secunia.com/multiple_browsers_frame_injection_vulnerability_test/

Regards

 

Please forgive my ungodly n00berness, Meneer, but what the hell is a kernel?

 

Hi Jack,

Nice link ... thanks ... interesting results.

And the proper fix ... In Internet Security Zone : Navigation in under-frames in different domains : Prompt

Thanks

dog -

 

the kernel is the portion of the operating system that's closest to the processor, it's the basis on which all other components of the systeem software work.
Windows is supposed to be built around a microkernel, the kernel software itself is very small. The smaller the kernel, the less chance of faults, bugs and vulnerabilities there are.
Kernel software also runs in a special 'kernel space' of the processor, 'ring 0'. This is a protected area. Again, the less software is running in this ring 0 the better, because the software that's running in ring 0 is highly privileged and in direct command of the processor.
Since Windows has lots of processes running in 'kernel mode' lots of processes are in full control. So Internet Explorer is quite powerfull. IE plugins (ActiveX, BHO's) are all part of IE, so the are privileged proceses too.

Alls about kernels
About ring 0