!Patch for IE input validation error vulnerability...

 
 
Max Burke
      12-19-2003
Posted because Microsoft in its 'wisdom' seems to believe this is not a
critical vulnerability that requires urgent attention, despite the fact that
it's being actively exploited and putting users at risk. There have been
several high profile cases in Australia and New Zealand where this
vulnerability was used to obtain user information from users being
redirected to 'malicious' websites using this vulnerability...

NOTE: The patch is NOT a Microsoft patch; It has been issued by an
independent third party. Use at your own risk.
Backup and/or run a system restore checkpoint on your systems BEFORE
installing this patch. I have installed it on my system running XP HE and a
fully updated/patched version of IE 6 without any problems...

<quote>
This patch addresses a vulnerability in Microsoft Internet Explorer that
could allow Hackers and con-artists to display a fake URL in the address and
status bars. The vulnerability is caused due to an input validation error,
which can be exploited by including the "%01" and "%00" URL encoded
representations after the username and right before the "@" character in an
URL.

Download patch at:
http://www.openwares.org/index.php?o...r&filecatid=17
<end quote>

--
mlvburke@#%&*.net.nz
Replace the obvious with paradise to email me.
See Found Images at:
http://homepages.paradise.net.nz/~mlvburke/
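
The URL shape described in the quoted text above (a "%01" or "%00" in the username part, right before the "@") can be flagged before a link is followed. This C check is an added example, not part of the original post or of the patch it links to; the function name userinfo_has_control_byte and the sample hosts in its tests are assumptions.

```c
#include <ctype.h>
#include <stddef.h>
#include <string.h>

/* Value of one hex digit, or -1 if c is not a hex digit. */
static int hexval(unsigned char c)
{
    if (isdigit(c)) return c - '0';
    if (isxdigit(c)) return tolower(c) - 'a' + 10;
    return -1;
}

/*
 * Hypothetical helper: returns 1 if the userinfo part of a URL (the text
 * between "://" and the last '@' of the authority) holds a control byte,
 * raw or percent-encoded (for example %00 or %01); 0 otherwise,
 * including when the URL has no userinfo at all.
 */
int userinfo_has_control_byte(const char *url)
{
    const char *start = strstr(url, "://");
    if (start == NULL)
        return 0;
    start += 3;
    /* The authority ends at the first '/', '?' or '#'. */
    size_t auth_len = strcspn(start, "/?#");

    /* Userinfo ends at the last '@' inside the authority. */
    const char *at = NULL;
    for (size_t i = 0; i < auth_len; i++)
        if (start[i] == '@')
            at = start + i;
    if (at == NULL)
        return 0;

    for (const char *p = start; p < at; p++) {
        unsigned char c = (unsigned char)*p;
        if (c == '%' && at - p >= 3) {
            int hi = hexval((unsigned char)p[1]);
            int lo = hexval((unsigned char)p[2]);
            if (hi >= 0 && lo >= 0) {       /* valid %XX escape */
                c = (unsigned char)(hi * 16 + lo);
                p += 2;
            }
        }
        if (c < 0x20 || c == 0x7f)          /* control byte in userinfo */
            return 1;
    }
    return 0;
}
```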

 
Bret
      12-19-2003
On Fri, 19 Dec 2003 15:08:57 +1300, "Max Burke" <mlvburke@%$%#@.nz>
wrote:

>Posted because Microsoft in its 'wisdom' seems to believe this is not a
>critical vulnerability that requires urgent attention, despite the fact that
>it's being actively exploited and putting users at risk.


Wow, Max criticizing MS.
 
Max Burke
      12-19-2003
> Bret scribbled:

>> Max Burke wrote:


>> Posted because Microsoft in its 'wisdom' seems to believe this is
>> not a critical vulnerability that requires urgent attention, despite
>> the fact that it's being actively exploited and putting users at
>> risk.


> Wow, Max criticizing MS.


When it's warranted......

But you'll never see me bashing OSS/*nix and some sort of advocacy for
Microsoft and Windows.....

So here's what it does mean: Linux is a normal operating system; so is XP.
Both have bugs, some major, some minor. Anyone who tells you that Linux is
"inherently more secure" or "much less buggy" than XP simply isn't working
from current facts. The reality is that bugs happen, even in Linux: Get over
it.
http://www.informationweek.com/story/IWK20030124S0013/4

--
mlvburke@#%&*.net.nz
Replace the obvious with paradise to email me.
See Found Images at:
http://homepages.paradise.net.nz/~mlvburke/

 
Max Burke
      12-19-2003
Max Burke scribbled:

I should have been more cautious when following this headline from the
Melbourne Age...
<quote>
"Open source firm releases patch for IE spoofing flaw"
http://www.theage.com.au/articles/20...337072117.html
<end quote>

Latest recommendation: Don't install it, it has several 'serious' bugs and
triggers AdAware warnings....

Provided by 'tester' at the following link:
http://www.openwares.org/index.php?o...&id=38&catid=9
The bugs in the code are:

/* memory leak */
char *dest = (char *)malloc(256*sizeof(char));

/* Unicode->ASCII conversion that doesn't do error checking */
WideCharToMultiByte( CP_ACP, 0, (BSTR)url->bstrVal, -1, dest, 256, NULL, NULL );
....

/* vulnerable arrays on the stack */
char sFake[256];
char sTrue[256];
....

/* please overwrite the return address on the stack and execute my shellcode */
strcpy(sFake,strstr(dest,"\2")+1);


--
mlvburke@#%&*.net.nz
Replace the obvious with paradise to email me.
See Found Images at:
http://homepages.paradise.net.nz/~mlvburke/
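
The defects listed in the post above share one fix pattern: check the conversion result, check the search result, and bound the copy. This C function is an added example, not code from the patch or from 'tester'; it uses the portable wcstombs in place of WideCharToMultiByte so it builds outside Windows, and the name text_after_marker is an assumption.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define URL_MAX 256

/*
 * Hypothetical hardened form of the quoted lines: convert a wide URL and
 * copy the text after the marker byte '\2' into out.
 * Returns 0 on success, -1 on any failure. out is always NUL-terminated.
 */
int text_after_marker(const wchar_t *wurl, char *out, size_t outlen)
{
    char dest[URL_MAX];      /* local buffer: no malloc, so nothing to leak */

    if (out == NULL || outlen == 0)
        return -1;
    out[0] = '\0';
    if (wurl == NULL)
        return -1;

    /* Ask for the required size first (POSIX behaviour of a NULL dest).
     * With WideCharToMultiByte the matching check is a return value of 0. */
    size_t need = wcstombs(NULL, wurl, 0);
    if (need == (size_t)-1 || need >= sizeof dest)
        return -1;           /* unconvertible input, or it does not fit */
    if (wcstombs(dest, wurl, sizeof dest) != need)
        return -1;           /* dest now holds need bytes plus a NUL */

    /* The quoted strstr() result was used unchecked; a missing marker
     * there means NULL + 1 is handed to strcpy(). */
    const char *mark = memchr(dest, '\2', need);
    if (mark == NULL)
        return -1;

    const char *tail = mark + 1;
    size_t tail_len = need - (size_t)(tail - dest);
    if (tail_len >= outlen)
        return -1;           /* refuse to overflow the caller's buffer */
    memcpy(out, tail, tail_len + 1);   /* + 1 copies the terminating NUL */
    return 0;
}
```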

 
Gavin Tunney
      12-19-2003
On Fri, 19 Dec 2003 15:08:57 +1300, "Max Burke" <mlvburke@%$%#@.nz>
wrote:

>Posted because Microsoft in its 'wisdom' seems to believe this is not a
>critical vulnerability that requires urgent attention, despite the fact that
>it's being actively exploited and putting users at risk. There have been
>several high profile cases in Australia and New Zealand where this
>vulnerability was used to obtain user information from users being
>redirected to 'malicious' websites using this vulnerability...
>


Care to post a link to some of these exploit cases Max?

Cheers

Gavin


 
Max Burke
      12-20-2003
Gavin Tunney scribbled:

Paypal in the USA, the Westpac Email scam here in New Zealand, and several
similar email scams in Australia......





> On Fri, 19 Dec 2003 15:08:57 +1300, "Max Burke" <mlvburke@%$%#@.nz>
> wrote:
>
>> Posted because Microsoft in its 'wisdom' seems to believe this is
>> not a critical vulnerability that requires urgent attention, despite
>> the fact that it's being actively exploited and putting users at
>> risk. There have been several high profile cases in Australia and
>> New Zealand where this vulnerability was used to obtain user
>> information from users being redirected to 'malicious' websites
>> using this vulnerability...
>>

>
> Care to post a link to some of these exploit cases Max?
>
> Cheers
>
> Gavin


--
mlvburke@#%&*.net.nz
Replace the obvious with paradise to email me.
See Found Images at:
http://homepages.paradise.net.nz/~mlvburke/

 
Dumdedo
      12-20-2003
On Fri, 19 Dec 2003 15:08:57 +1300, "Max Burke" <mlvburke@%$%#@.nz> wrote:

>Posted because Microsoft in its 'wisdom' seems to believe this is not a
>critical vulnerability that requires urgent attention, despite the fact that
>it's being actively exploited and putting users at risk. There have been
>several high profile cases in Australia and New Zealand where this
>vulnerability was used to obtain user information from users being
>redirected to 'malicious' websites using this vulnerability...
>
>NOTE: The patch is NOT a Microsoft patch; It has been issued by an
>independent third party. Use at your own risk.
>Backup and/or run a system restore checkpoint on your systems BEFORE
>installing this patch. I have installed it on my system running XP HE and a
>fully updated/patched version of IE 6 without any problems...
>
><quote>
>This patch addresses a vulnerability in Microsoft Internet Explorer that
>could allow Hackers and con-artists to display a fake URL in the address and
>status bars. The vulnerability is caused due to an input validation error,
>which can be exploited by including the "%01" and "%00" URL encoded
>representations after the username and right before the "@" character in an
>URL.
>
>Download patch at:
>http://www.openwares.org/index.php?o...r&filecatid=17
><end quote>




Don't, it's full of bugs..

http://www.theregister.com/content/55/34618.html


 