[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Microsoft Explorer security hole (fwd) MSoft's reply...
Date: Thu, 22 Aug 1996 15:49:33 -0700
From: Thomas Reardon <[email protected]>
Subject: Re: Internet Explorer security problem (Felten, RISKS-18.36)
>We have discovered a security flaw in the current version (3.0) of
>Microsoft's Internet Explorer browser running under Windows 95. An
>attacker could exploit the flaw to run any DOS command on the machine
>of an Explorer user who visits the attacker's page.
We now post the virus warning dialog on local files (file: urls). We have
always posted it on remote files (http: urls). Note that the root of the
problem is not Java or the browser, but in macro-enabled applications. IE3
has a mechanism to warn users about safety of documents when used with
common macro-enabled applications. We are have updated Microsoft Word such
that by default it will not run macros embedded in documents.
-Thomas
>
>
>
>---------- Forwarded message ----------
>Date: Mon, 26 Aug 1996 01:35:07 GMT
>Subject: Microsoft Explorer security hole (fwd)
>
>On Sun, 25 Aug 1996 13:55:30 -0600 (MDT), Carl Nation
><[email protected]> wrote:
>
>To our Resellers/Customers,
>
>Our sysadmin received this security alert, and we thought we should
>pass it along...
>
>------- Forwarded Message
>
>Date: Wed, 21 Aug 1996 13:12:59 -0400
>From: [email protected] (Ed Felten)
>Subject: Internet Explorer Security Problem
>
>We have discovered a security flaw in the current version (3.0) of
>Microsoft's Internet Explorer browser running under Windows 95. An
>attacker could exploit the flaw to run any DOS command on the machine of
>an Explorer user who visits the attacker's page. For example, the
>attacker could read, modify, or delete the victim's files, or insert a
>virus or backdoor entrance into the victim's machine. We have verified
>our discovery by creating a Web page that deletes a file on the machine of
>any Explorer user who visits the page.
>
>The core of the attack is a technique for delivering a document to the
>victim's browser while bypassing the security checks that would
>normally be applied to the document. If the document is, for example, a
>Microsoft Word template, it could contain a macro that executes any DOS
>command.
>
>Normally, before Explorer downloads a dangerous file like a Word
>document, it displays a dialog box warning that the file might contain a
>virus or other dangerous content, and asking the user whether to abort the
>download or to proceed with the download anyway. This gives the user a
>chance to avoid the risk of a malicious document. However, our technique
>allows an attacker to deliver a document without triggering the dialog
>box.
>
>Microsoft has been notified and they are working on fixing the
>problem. Until a remedy is widely available, we will not disclose further
>details about the flaw.
>
>For more information, contact Ed Felten at [email protected] or
>609-258-5906.
>
>Dirk Balfanz and Ed Felten
>Dept. of Computer Science, Princeton University
>http://www.cs.princeton.edu/sip/
>
>------- End of Forwarded Message
>
>
>
>
>
--
------------------------------------------
There are no facts, only interpretations.
I always wanted to be somebody,