[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Microsoft Explorer security hole (fwd) MSoft's reply...





Date: Thu, 22 Aug 1996 15:49:33 -0700
From: Thomas Reardon <[email protected]>
Subject: Re: Internet Explorer security problem (Felten, RISKS-18.36)
 
  >We have discovered a security flaw in the current version (3.0) of
  >Microsoft's Internet Explorer browser running under Windows 95.  An
  >attacker could exploit the flaw to run any DOS command on the machine 
  >of an Explorer user who visits the attacker's page.
 
We now post the virus warning dialog on local files (file: urls).  We have
always posted it on remote files (http: urls).  Note that the root of the
problem is not Java or the browser, but in macro-enabled applications.  IE3
has a mechanism to warn users about safety of documents when used with
common macro-enabled applications.  We are have updated Microsoft Word such
that by default it will not run macros embedded in documents.
 
-Thomas
 

>
>
>
>---------- Forwarded message ----------
>Date: Mon, 26 Aug 1996 01:35:07 GMT
>Subject: Microsoft Explorer security hole (fwd)
>
>On Sun, 25 Aug 1996 13:55:30 -0600 (MDT), Carl Nation
><[email protected]> wrote:
>
>To our Resellers/Customers,
>
>Our sysadmin received this security alert, and we thought we should
>pass it along...
>
>------- Forwarded Message
>
>Date: Wed, 21 Aug 1996 13:12:59 -0400
>From: [email protected] (Ed Felten)
>Subject: Internet Explorer Security Problem
>
>We have discovered a security flaw in the current version (3.0) of
>Microsoft's Internet Explorer browser running under Windows 95.  An
>attacker could exploit the flaw to run any DOS command on the machine of
>an Explorer user who visits the attacker's page.  For example, the
>attacker could read, modify, or delete the victim's files, or insert a
>virus or backdoor entrance into the victim's machine.  We have verified
>our discovery by creating a Web page that deletes a file on the machine of
>any Explorer user who visits the page.
>
>The core of the attack is a technique for delivering a document to the
>victim's browser while bypassing the security checks that would
>normally be applied to the document.  If the document is, for example, a
>Microsoft Word template, it could contain a macro that executes any DOS
>command.
>
>Normally, before Explorer downloads a dangerous file like a Word
>document, it displays a dialog box warning that the file might contain a
>virus or other dangerous content, and asking the user whether to abort the
>download or to proceed with the download anyway.  This gives the user a
>chance to avoid the risk of a malicious document.  However, our technique
>allows an attacker to deliver a document without triggering the dialog
>box.
>
>Microsoft has been notified and they are working on fixing the
>problem. Until a remedy is widely available, we will not disclose further
>details about the flaw.
>
>For more information, contact Ed Felten at [email protected] or
>609-258-5906.
>
>Dirk Balfanz and Ed Felten
>Dept. of Computer Science, Princeton University
>http://www.cs.princeton.edu/sip/
>
>------- End of Forwarded Message
>
>
>
>
>



--
------------------------------------------
There are no facts, only interpretations.

I always wanted to be somebody,