[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Microsoft Explorer security hole (fwd)





---------- Forwarded message ----------
Date: Mon, 26 Aug 1996 01:35:07 GMT
Subject: Microsoft Explorer security hole (fwd)

On Sun, 25 Aug 1996 13:55:30 -0600 (MDT), Carl Nation
<[email protected]> wrote:

To our Resellers/Customers,

Our sysadmin received this security alert, and we thought we should
pass it along...

------- Forwarded Message

Date: Wed, 21 Aug 1996 13:12:59 -0400
From: [email protected] (Ed Felten)
Subject: Internet Explorer Security Problem

We have discovered a security flaw in the current version (3.0) of
Microsoft's Internet Explorer browser running under Windows 95.  An
attacker could exploit the flaw to run any DOS command on the machine of
an Explorer user who visits the attacker's page.  For example, the
attacker could read, modify, or delete the victim's files, or insert a
virus or backdoor entrance into the victim's machine.  We have verified
our discovery by creating a Web page that deletes a file on the machine of
any Explorer user who visits the page.

The core of the attack is a technique for delivering a document to the
victim's browser while bypassing the security checks that would
normally be applied to the document.  If the document is, for example, a
Microsoft Word template, it could contain a macro that executes any DOS
command.

Normally, before Explorer downloads a dangerous file like a Word
document, it displays a dialog box warning that the file might contain a
virus or other dangerous content, and asking the user whether to abort the
download or to proceed with the download anyway.  This gives the user a
chance to avoid the risk of a malicious document.  However, our technique
allows an attacker to deliver a document without triggering the dialog
box.

Microsoft has been notified and they are working on fixing the
problem. Until a remedy is widely available, we will not disclose further
details about the flaw.

For more information, contact Ed Felten at [email protected] or
609-258-5906.

Dirk Balfanz and Ed Felten
Dept. of Computer Science, Princeton University
http://www.cs.princeton.edu/sip/

------- End of Forwarded Message