Internet Explorer IFRAME Buffer Overflow Vulnerability

Discussion in 'other security issues & news' started by ronjor, Nov 3, 2004.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,798
    Location:
    Texas
    Secunia

    Extremely critical

    The vulnerability does not affect systems running Windows XP with SP2 installed.
    Successful exploitation does not normally require any user interaction, and code is already "in the wild" rather than in a controlled environment.
     
  2. FluxGFX

    FluxGFX Registered Member

    Joined:
    Jan 23, 2003
    Posts:
    667
    Location:
    Ottawa/Canada
    The IFRAME is quite interesting when used in that fashion. But IFRAMEs are less and less used nowadays.
     
  3. dvk01

    dvk01 Global Moderator

    Joined:
    Oct 9, 2003
    Posts:
    3,131
    Location:
    Loughton, Essex. UK
    A very easy cure, apart from stopping using IE, is to use Prevx, which is supposed to prevent all known forms of buffer overflow on NT-based systems.
     
  4. still_longhorn

    still_longhorn Registered Member

    Joined:
    Oct 3, 2004
    Posts:
    256
    A vulnerability in Explorer (Win98 & older versions of NT) that may allow script code to be executed in the Local Zone. When an IFRAME in a dialog changes its location or Zone, the dialogArguments object provided by the calling content should not be accessible. The dialogArguments object is accessible despite the fact that its originating location/Zone is different from the parent's.

    A demonstration is available at:
    http://www16 .brinkster.com/liudieyu/BadParent/BadParent-MyPage.htm

    Fortunately, disabling scripting is a workaround.
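    The workaround mentioned above is to disable scripting. As an added example (not part of the thread, and not a Prevx or Microsoft tool), the PowerShell functions below read and change the "Active scripting" action for Internet Explorer's Internet zone through the per-user zone settings. The registry path, the zone number 3 for the Internet zone, the action name "1400" and the meaning of the values 0/1/3 are my assumptions about the IE zone layout, not facts stated in the thread; check them against your own machine before relying on them.

```powershell
# Added example: inspect and change "Active scripting" for the IE Internet zone.
# Assumptions (mine, not from the thread):
#   - Zones\3 is the Internet zone.
#   - The DWORD named "1400" is the "Active scripting" action.
#   - Value 0 = Enable, 1 = Prompt, 3 = Disable.
$ZonePath    = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$ActionName  = '1400'
$ActionValue = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-IEInternetZoneScripting {
    # Returns the current setting as a word, or a note when the value is absent.
    $item = Get-ItemProperty -Path $ZonePath -Name $ActionName -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'Not set (defaults apply)' }
    $current = [int]$item.$ActionName
    if ($ActionValue.ContainsKey($current)) { return $ActionValue[$current] }
    return "Unknown ($current)"
}

function Set-IEInternetZoneScripting {
    # Writes the chosen action; "Prompt" is the less disruptive choice for daily browsing.
    param([Parameter(Mandatory)][ValidateSet('Enable', 'Prompt', 'Disable')][string]$Mode)
    $code = ($ActionValue.GetEnumerator() | Where-Object { $_.Value -eq $Mode }).Key
    if (-not (Test-Path $ZonePath)) { New-Item -Path $ZonePath -Force | Out-Null }
    Set-ItemProperty -Path $ZonePath -Name $ActionName -Value $code -Type DWord
}

# Usage: show the current state, disable scripting, then confirm the change.
Write-Host "Before: $(Get-IEInternetZoneScripting)"
Set-IEInternetZoneScripting -Mode Disable
Write-Host "After:  $(Get-IEInternetZoneScripting)"
```

Disabling Active scripting in the Internet zone breaks most interactive sites, so "Prompt" is usually the setting people can live with; a domain Group Policy that manages zone settings will override whatever is written here, so verify the effective value in Internet Options after running it.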
     
  5. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,046
    Location:
    The Netherlands
    It would be cool if someone could test the POC with PrevX, since they claim it will stop buffer overflows. I'm not using PrevX yet btw, but this is a great chance for them to convince people of PrevX's potential powerful protection.
     
  6. still_longhorn

    still_longhorn Registered Member

    Joined:
    Oct 3, 2004
    Posts:
    256
    I never did like cure-alls! I think in the early 1900s they were referred to as "Snake Oil." Prevx obviously has its uses; that is why it has quite a following. But a "cure-all"? IMO there are simply too many unknowns due to design errors, Failure to Handle Exceptional Conditions, Access Validation Errors, Boundary Condition Errors, etc. for a single utility like Prevx to be a cure-all.
     