Slashdot Mirror

← Back to Stories (view on slashdot.org)

IE Flaw Gives Hackers Access To User Files

Posted by timothy on from the open-file-my-documents dept.

snydeq writes "Microsoft warned that a flaw in IE gives attackers access to files stored on a PC under certain conditions. 'Our investigation so far has shown that if a user is using a version of Internet Explorer that is not running in Protected Mode an attacker may be able to access files with an already known filename and location,' Microsoft said in a security advisory. The vulnerability requires that an attacker knows the name of the file they want to access, according to the company."

26 of 259 comments (clear)

  1. *sigh* ... blame Netscape. by hey! · · Score: 3, Insightful

    Had Microsoft not needed something to drive a stake through Netscape's heart, it wouldn't have needed to concoct it's own Frankenstein's monster of confused and misbegotten priorities.

    --
    Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
  2. This is bad. by Buelldozer · · Score: 5, Insightful

    When you go to my website I know what the cookie name is and I know the default file system location for that cookie. This one seems pretty bad.

    1. Re:This is bad. by Z34107 · · Score: 2, Insightful

      Package that up into a script and you could probably scan for 1,000 different cookies in the time it took you to read my post.

      Definitely! Reading everyone else's cookie is much more interesting than using an exploit to read your own cookies! :P

      --
      DATABASE WOW WOW
    2. Re:This is bad. by jimicus · · Score: 4, Insightful

      Well, if any of those cookies are being used by supposedly secure sites to remember somebody's login so they can conveniently purchase in future, you may well know enough to log into their account on those shopping sites and get their real name, address and purchasing history. From this point, it's not a particularly large step to large-scale identity theft.

    3. Re:This is bad. by JoshuaZ · · Score: 2, Insightful

      Someone please mod parent up. This is an excellent example of an exploit that at first glance looks harmless but could be used for very nefarious ends.

  3. I wonder... by Ismene · · Score: 5, Insightful

    I wonder how many people have a "passwords.txt" file in their Documents. ;-)

    1. Re:I wonder... by Anonymous Coward · · Score: 1, Insightful

      Don't worry, I was able to recover your password.txt files from the recycle bin.

  4. Flawed by mcgrew · · Score: 4, Insightful

    an attacker may be able to access files with an already known filename and location

    One more reason not to keep your files in "My Documents". That part is easily guessed; "2009 Income Tax Returns" would be easy to guess as well.

    "Protected Mode prevents exploitation of this vulnerability and is running by default for versions of Internet Explorer on Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008," it said.

    Does XP have a protected mode? That's the version of Windows most people use IINM. Is this a ploy to get people to upgrade from XP?

    Microsoft hasn't seen any attacks that exploit the flaw and has yet to decide whether to repair the flaw through its monthly security patch release cycle or an urgent, out-of-cycle update.

    Has yet to decide whether to repair it? Hmmm... Ok, they're trying to decide when to. How about doing what every other browser company does and give us the patch NOW?

    --
    Free Martian Whores!
    1. Re:Flawed by radish · · Score: 3, Insightful

      Is this a ploy to get people to upgrade from XP?

      I'd say it's (yet another) reason to stop using a 9 year old OS. How many of the major linux distros still support versions that old? How many people would recommend continuing to run a version that old?

      --

      ---- Den ene knappen er powerknapp, den andre er Bender voice knapp "Bite My Shiny Metal Ass"

    2. Re:Flawed by Leynos · · Score: 3, Insightful

      C:\users\%USERNAME%\Documents anyone?

      --
      "Did you exchange a walk on part in the war for a lead role in a cage?"
  5. c:\Windows\System32\ by LikwidCirkel · · Score: 3, Insightful

    Hmm.. the most obvious predictable file names are conveniently the most dangerous for someone to have access to.

    1. Re:c:\Windows\System32\ by hellraizer · · Score: 1, Insightful

      hijacking dns through hosts.txt has never been as easy :D

    2. Re:c:\Windows\System32\ by hawaiian717 · · Score: 3, Insightful

      C:\windows\system32\config\sam

      Read-only access is all you need...

      --
      End of Line.
    3. Re:c:\Windows\System32\ by WillAffleckUW · · Score: 3, Insightful

      yeah, it's not like there are stored connection strings to databases ... um ...

      --
      -- Tigger warning: This post may contain tiggers! --
    4. Re:c:\Windows\System32\ by Sleepy · · Score: 2, Insightful

      That's not the case.

      It's not like memory dumps don't ever get dumped there if you had an OS crash, and it's not like memory dumps would ever contain user data like user passwords. There's user data in there. Where does the REGISTRY get saved???

      This is BAD.

  6. WHY THE FUCK DO PEOPLE STILL USE IE? by Anonymous Coward · · Score: 2, Insightful

    This is just fucking stupid. WHY DO PEOPLE AND BUSINESSES STILL USE IE?

    We KNOW it's full of holes. Not just small ones, but literally, gaping goatse-sized holes. This is a perfect example, to go along with the hundreds of other problems we know of.

    There are so many alternatives today! We are living in a time of plenty when it comes to browsers. I mean, we have Opera that runs just about everywhere. We have Firefox if you want extensibility. If you prefer the feel of the old Netscape Communicator suite, there's Seamonkey. If you want a fast browsing experience, use Chrome or Safari or Konqueror.

    Legacy ActiveX controls just aren't enough of an excuse these days. If you're still using that piece of shit "technology", then you need to get your network off of the public Internet. You and your network are nothing but a disaster waiting to happen.

    1. Re:WHY THE FUCK DO PEOPLE STILL USE IE? by LikwidCirkel · · Score: 2, Insightful

      If you give people a free car with houses, that "works" enough to get to A to B, then how many people will make the effort to get a different free car if they're not aware that there is anything wrong with the first one?

    2. Re:WHY THE FUCK DO PEOPLE STILL USE IE? by Anonymous Coward · · Score: 1, Insightful

      Because none of the browsers you listed are as easily configured enterprise wide as IE is with group policies.

    3. Re:WHY THE FUCK DO PEOPLE STILL USE IE? by c_sd_m · · Score: 2, Insightful

      The OP's point was closer to "if Fords were free, how many people would bother to buy Hondas?"

    4. Re:WHY THE FUCK DO PEOPLE STILL USE IE? by sopssa · · Score: 2, Insightful

      It doesn't work like that. There are billions of sites on the internet. If your site doesn't work with them, they go somewhere else. And it would be quite stupid to ignore a browser that holds the largest market share. Sad, but true.

    5. Re:WHY THE FUCK DO PEOPLE STILL USE IE? by sopssa · · Score: 2, Insightful

      Because none of the browsers you listed are as easily configured enterprise wide as IE is with group policies.

      Exactly. This is a thing OSS developers usually miss. They develop primarily for home users or single users and have no idea how it works in work place, while MS understands a need for enterprise solutions.

  7. You mean like by deliciousmonster · · Score: 1, Insightful

    c:\windows\system\kernel32.dll?

    --
    I have a plan. Using mainly spoons, we'll tunnel our way out of the city...
  8. I'm really getting sick of this excuse by apparently · · Score: 4, Insightful

    "The vulnerability requires that an attacker knows the name of the file they want to access, according to the company."

    Good thing no one knows to look for: "%USERPROFILE%\My Documents\Quicken\qdata.qdf"

  9. Modifying hosts.txt by Jorl17 · · Score: 2, Insightful

    Modifying hosts.txt could be one of the biggest issues with this one. And yet, it's just another flaw much like there are hundreds of others in any browser.

    --
    Have you heard about SoylentNews?
    1. Re:Modifying hosts.txt by natehoy · · Score: 2, Insightful

      http://www.microsoft.com/technet/security/advisory/980088.mspx

      When in doubt, go to the source. Microsoft has a pretty decent write-up on this one. I don't know who taranfx.com is, but the only accurate bits of information in their article are what they cut-and-pasted from the Microsoft site. The rest is, umm, "fanciful". Sorry, I gotta call 'em like I see 'em.

      Oh, one other useful bit from their stie... that everyone should stop using IE. Now.

      I'd also add to only run a browser that has something like NoScript available. Javascript is just chock full of vulnerabilities of its own. Any time you allow strangers to run code on your computer, you are just asking for trouble.

      But by now that goes without saying, and I've already said it until I'm blue in the face, and I've given up. Don Quixote is cut out for that sort of thing, I'm not.

      If you use IE in Vista or Seven, turn protected mode on. If you use IE on XP, load the file:// protocol fix outlined at Microsoft's site. Hopefully Microsoft will come out with a fix soon. Load it. Immediately.

      This may not be a serious vulnerability, but the vector will surely be used for more serious ones real soon as the black hatted assholes figure out how to read your file index and get a list of files to choose from.

      --
      "This post contains words, known to the State of California to cause thought. Wash brain thoroughly after reading."
  10. Hmm, how about the document search index? by Jason+Pollock · · Score: 2, Insightful

    Because there isn't an easily found, well known file that is a handy index of all of the files on your system:

    \ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb

    http://en.wikipedia.org/wiki/Windows_Search