Slashdot Mirror


Another MS Internet Explorer Security Hole

chkorn writes "Michal Zalewski detected another security issue in Microsoft's Internet Explorer. With a well formed FRAME or IFRAME tag a Buffer Overflow happens and you can execute bad code on the stack. In his announcement on Bugtraq, he added a proof of concept and explained that all Internet Explorer 6.0 versions are affected, except Windows XP SP2 installations."

18 comments

  1. Foresight? by erykjj · · Score: 1

    I guess MS saw that one coming.

    1. Re:Foresight? by alatesystems · · Score: 1

      I assumed you're being sarcastic, but my guess is that it is prevented by the _software_ DEP in SP2. Since I have an Athlon 64 (at home), I actually have hardware DEP support, which is really cool.

      AKA NX.

      Chris

  2. implementation by alatesystems · · Score: 4, Informative

    I tried it on an XP SP1 box and it just freezes it.

    I tried it on Mozilla 1.7.3 and it freezes it for about a minute, and then unfreezes and shows a blank IFRAME.

    If you want to try it w/o extracting and all that stuff, click here.

    Chris

    1. Re:implementation by 42forty-two42 · · Score: 1

      Firefox 1.0PR just shows some binary crap.

  3. Another MS security hole... by SimianOverlord · · Score: 2, Insightful

    ...already patched by Microsoft. Really, I swear half their security problems just come from clueless users not keeping up to date on patches. How hard is it to turn on Windows Update for chrissakes?

    I think this artificially inflates Linux et al.'s security record to some degree, as Linux / other OSs administrators are more likely to be up to date, being generally more technically savvy.

    --
    Meine Schwester ist sehr, sehr reizvoll - Nietzsche
    1. Re:Another MS security hole... by eyepeepackets · · Score: 3, Interesting

      "...half their security problems just come from clueless users..."

      Yes, but isn't that one of Microsoft's main selling points with Windows, that users don't need a clue, just run it and MS takes care of the rest, the great Toaster Oven of operating systems?

      "How hard is it to turn on Windows Update..."

      Most of the Windows users I run into who aren't updated are afraid to update because the last time they tried that it hosed their systems. Some few have never heard of Windows Updates.

      "...Linux / other OSs administrators are more likely to be up to date..."

      Well yeah, but some of us are just plain lazy too. *inn*

      Ciao.

      --
      Everything in the Universe sucks: It's the law!
    2. Re:Another MS security hole... by Sputum · · Score: 1

      OK. We have a 256kbps DSL link. If we turned on Automatic Updates and had every PC downloading an update every time there was one released, our net connection would be maxed out a hell of a lot of the time.

      THAT is why it is unfeasible.

      Actually I'd be interested to hear from other sysadmins who do this successfully. What's the best way to keep a network of about 20 Wintel PCs updated off a 256kbps pipe?

      --
      "What we imagine is order is merely the prevailing form of chaos"
    3. Re:Another MS security hole... by Anonymous Coward · · Score: 0

      "I think this artificially inflates Linux et al.'s security record to some degree, as Linux / other OSs administrators are more likely to be up to date, being generally more technically savvy"

      If linux was installed on the Great Unwashed's(TM) computers, it wouldn't be updated either.
    4. Re:Another MS security hole... by dylan_- · · Score: 1

      If you've got cash, you want SMS. If not, you want SUS (basically though, you'll have one machine download the updates, and the others get them from that machine).

      --
      Igor Presnyakov stole my hat
  4. not so important these days by swright · · Score: 3, Informative

    Over 30% of web traffic is from XP SP2 now (UK traffic at least).*

    SP2 is meant to stop this kind of stuff happening. People are installing SP2.

    This is good, and a step forward - in a few weeks it's looking like it'll be over 50%.

    I don't mean to whinge, but pre-SP2 security holes don't seem newsworthy to me...

    (* the company I work for runs tracking/surveying code on lots of UK commercial/retail web sites - we're seeing 3-5% per week increase in SP2 traffic, last week it went over 30% of total traffic)

    1. Re:not so important these days by Godeke · · Score: 1

      About 70% of your users are vulnerable and you don't see it as "newsworthy"? Anyone named Shane Wright who applies for a job with me will now have a much harder time, just from the negative association you have created for me.

      --
      Sig under construction since 1998.
    2. Re:not so important these days by swright · · Score: 1

      grr. ok point taken.

      but I don't think it's a reason for more MS-bashing and more IE-bashing for another hole in an old version of a browser. Newer versions are not vulnerable and people are deploying the newer versions at a substantial rate.

      Yes it is [yet another] vulnerability, but it's not another 'all IE users get rooted' one.

      <nitpicking> - the article says IE6 - so presumably not IE 5 and earlier; so the vulnerable portion is 50% rather than 70%. </nitpicking>

    3. Re:not so important these days by Godeke · · Score: 1

      Ok, I can understand the dislike of the bashing that goes on around here. My biggest concern when people think that SP2 is a cure-all is that many people are on 2000 (or earlier, sadly), and can't get SP2 without making the investment in licensing *and* application testing to move to XP. I have a client that uses a construction management software piece that doesn't work under XP unless you jump through some absurd hoops with file permissions (and then it is still crippled: looking forward to a patch *eventually*). I have another client who is upgrading to XP with new boxes, but won't eliminate the last 2000 machine for another year or so. Neither of these are going to be protected by SP2.

      Personally, the latter case (slow phase out) annoys me, but all I can do is advise the client and try to keep them as productive as possible. So when something doesn't affect SP2, that is wonderful... for those who are there. Sadly, I still have to work with clients who barely left NT4 because no updates were available.

      Yes, perhaps I should get better clients, but I like my side work overall and really *don't* see 2000 as "depreciated" yet, so I can't beat them up *too* much.

      --
      Sig under construction since 1998.
  5. Hmmm... by EvilNutSack · · Score: 0, Redundant

    "all Internet Explorer 6.0 versions are affected, except Windows XP SP2 installations"

    So unpatched versions of IE are unsafe; I should imagine this is true for many applications. Is this really relevant news or just Microsoft bashing for the sake of it?

    --
    --
    1. Re:Hmmm... by GreatDrok · · Score: 3, Interesting

      For those of us forced to use Windows at work and who are using anything other than XP SP2 this is an issue. There is no fix for Win98, ME, or 2K despite the fact that these are all in heavy use still and likely to continue for the moment. I have actually installed Firefox on this machine despite the fact that I am not supposed to for the simple reason that I just can't trust IE and I have to use the web to perform my job.

      Just sticking your head in the sand and saying people should patch their systems is not going to help when MS has decided that the features of IE on XP SP2 are not going to be back ported to IE on other platforms. If anything, this can only drive more people into the arms of Firefox et al.

      --
      "I have the attention span of a strobe lit goldfish, please get to the point quickly!"
  6. FIREFOX by fedorafreak · · Score: 1

    SWITCH TO FIREFOX OR OPERA OR MOZILLA COME ON IT'S NOT THAT HARD

    If you ask me IE is like Swiss cheese full of holes and leaves a bad taste in your mouth

    --
    RUN linux it's just so much better
    1. Re:FIREFOX by Anonymous Coward · · Score: 0

      Like giving a blow job?

  7. Well... by Kaenneth · · Score: 1

    I clicked the ad for Doom 3 that appeared with this article, and spotted this in the readme for the download...

    D. Admin Rights Needed To Load and Play On Windows(r) 2000 or XP

    If you are running Windows(r) 2000 or Windows(r) XP, you must have Administrator rights to properly install and play the game. ...

    Why should you need Admin/root style access to play a game? Does DirectX require it? Or is iD doing something retarded?

    One of the biggest security 'Don'ts' is to run applications without access restrictions.