CERT Advisory CA-2003-22 Multiple Vulnerabilities in Microsoft Internet Explorer

Discussion in 'Computer Support' started by Boomer, Aug 27, 2003.

  1. Boomer

    Boomer Guest

    Hugh Lilly said:

    > CERT Advisory CA-2003-22 Multiple Vulnerabilities in Microsoft
    > Internet Explorer

    [snip]
    > Apply a patch
    >
    > Apply the appropriate patch as specified by Microsoft
    > Security Bulletin MS03-032.
    >
    > In addition to addressing these vulnerabilities, the patch
    > also changes the behavior of the HTML Help system (see
    > VU#25249):
    >
    > As with the previous Internet Explorer cumulative
    > patches released with bulletins MS03-004, MS03-015, and
    > MS03-020 this cumulative patch will cause
    > window.showHelp() to cease to function if you have not
    > applied the HTML Help update. If you have installed the
    > updated HTML Help control from Knowledge Base article
    > 811630, you will still be able to use HTML Help
    > functionality after applying this patch.
    >
    >
    > Appendix A. Vendor Information
    >
    > This appendix contains information provided by vendors.
    > When vendors report new information, this section is updated
    > and the changes are noted in the revision history. If a
    > vendor is not listed below, we have not received their
    > comments.
    >
    > Microsoft
    >
    > Please see Microsoft Security Bulletin MS03-032.

    [snip]

    Thanks, Hugh for all of the above.

    Could you fix your clock/time zone. You are about one hour off.

    Thanks
    Boomer, Aug 27, 2003
    #1
    1. Advertising

  2. Boomer

    Hugh Lilly Guest

    CERT Advisory CA-2003-22 Multiple Vulnerabilities in Microsoft Internet
    Explorer

    From:
    CERT Advisory <> (CERT(R) Coordination Center - +1
    412-268-7090)


    To:



    Date:
    Today 08:19:25



    Message was signed with unknown key 0xD9513B39.
    The validity of the signature cannot be verified.


    CERT Advisory CA-2003-22 Multiple Vulnerabilities in Microsoft
    Internet Explorer

    Original issue date: August 26, 2003
    Last revised: --
    Source: CERT/CC

    A complete revision history is at the end of this file.


    Systems Affected

    Microsoft Windows systems running

    * Internet Explorer 5.01
    * Internet Explorer 5.50
    * Internet Explorer 6.01

    Previous, unsupported versions of Internet Explorer may also be
    affected.


    Overview

    Microsoft Internet Explorer (IE) contains multiple vulnerabilities,
    the most serious of which could allow a remote attacker to execute
    arbitrary code with the privileges of the user running IE.


    I. Description

    Microsoft Security Bulletin MS03-032 describes five vulnerabilities
    in Internet Explorer. These vulnerabilities are listed below.
    More detailed information is available in the individual
    vulnerability notes. Note that in addition to IE, any applications
    that use the IE HTML rendering engine to interpret HTML documents
    may present additional attack vectors for these vulnerabilities.

    VU#205148 - Microsoft Internet Explorer does not properly evaluate
    Content-Type and Content-Disposition headers

    A cross-domain scripting vulnerability exists in the way IE
    evaluates Content-Type and Content-Disposition headers and checks
    for files in the local browser cache. This vulnerability could
    allow a remote attacker to execute arbitrary script in a
    different domain, including the Local Machine Zone.
    (Other resources: SNS Advisory No.67, CAN-2003-0531)

    VU#865940 - Microsoft Internet Explorer does not properly evaluate
    "application/hta" MIME type referenced by DATA attribute of OBJECT
    element

    IE will execute an HTML Application (HTA) referenced by the DATA
    attribute of an OBJECT element if the Content-Type header
    returned by the web server is set to "application/hta". An
    attacker could exploit this vulnerability to execute arbitrary
    code with the privileges of the user running IE.
    (Other resources: eEye Digital Security Advisory AD20030820,
    CAN-2003-0532)

    VU#548964 - Microsoft Windows BR549.DLL ActiveX control contains
    vulnerability

    The Microsoft Windows BR549.DLL ActiveX control, which provides
    support for the Windows Reporting Tool, contains an unknown
    vulnerability. The impact of this vulnerability is not known.

    VU#813208 - Internet Explorer does not properly render an input
    type tag

    IE does not properly render an input type tag, allowing a remote
    attacker to cause a denial of service.

    VU#334928 - Microsoft Internet Explorer contains buffer overflow in
    Type attribute of OBJECT element on double-byte character set
    systems

    Certain versions of IE that support double-byte character sets
    (DBCS) contain a buffer overflow vulnerability in the Type
    attribute of the OBJECT element. A remote attacker could execute
    arbitrary code with the privileges of the user running IE.
    (Other resources: SNS Advisory No.68, Microsoft Security Bulletin
    MS03-020, CAN-2003-0344)


    II. Impact

    These vulnerabilities have different impacts, ranging from denial
    of service to execution of arbitrary commands or code. Please see
    the individual vulnerability notes for specific information. The
    most serious of these vulnerabilities (VU#865940) could allow a
    remote attacker to execute arbitrary code with the privileges of
    the user running IE. The attacker could exploit this vulnerability
    by convincing the user to access a specially crafted HTML document,
    such as a web page or HTML email message. No user intervention is
    required beyond viewing the attacker's HTML document with IE.


    III. Solution

    Apply a patch

    Apply the appropriate patch as specified by Microsoft Security
    Bulletin MS03-032.

    In addition to addressing these vulnerabilities, the patch also
    changes the behavior of the HTML Help system (see VU#25249):

    As with the previous Internet Explorer cumulative patches
    released with bulletins MS03-004, MS03-015, and MS03-020 this
    cumulative patch will cause window.showHelp() to cease to
    function if you have not applied the HTML Help update. If you
    have installed the updated HTML Help control from Knowledge Base
    article 811630, you will still be able to use HTML Help
    functionality after applying this patch.


    Appendix A. Vendor Information

    This appendix contains information provided by vendors. When
    vendors report new information, this section is updated and the
    changes are noted in the revision history. If a vendor is not
    listed below, we have not received their comments.

    Microsoft

    Please see Microsoft Security Bulletin MS03-032.


    Appendix B. References

    * CERT/CC Vulnerability Note VU#205148 -
    <http://www.kb.cert.org/vuls/id/205148>

    * CERT/CC Vulnerability Note VU#865940 -
    <http://www.kb.cert.org/vuls/id/865940>

    * CERT/CC Vulnerability Note VU#548964 -
    <http://www.kb.cert.org/vuls/id/548964>

    * CERT/CC Vulnerability Note VU#813208 -
    <http://www.kb.cert.org/vuls/id/813208>

    * CERT/CC Vulnerability Note VU#334928 -
    <http://www.kb.cert.org/vuls/id/334928>

    * CERT/CC Vulnerability Note VU#25249 -
    <http://www.kb.cert.org/vuls/id/25249>

    * eEye Digital Security Advisory AD20030820 -
    <http://www.eeye.com/html/Research/Advisories/AD20030820.html>

    * SNS Advisory No. 67 -
    <http://www.lac.co.jp/security/english/snsadv_e/67_e.html>

    * SNS Advisory No. 68 -
    <http://www.lac.co.jp/security/english/snsadv_e/68_e.html>

    * Microsoft Security Bulletin MS03-032 -
    <http://microsoft.com/technet/security/bulletin/MS03-032.asp>

    * Microsoft KB Article 822925 -
    <http://support.microsoft.com/default.aspx?scid=kb;en-us;822925>

    _________________________________________________________________

    Microsoft credits eEye Digital Security, LAC, and KPMG UK for
    reporting these vulnerabilities. Information from eEye, LAC, and
    Microsoft was used in this document.
    _________________________________________________________________

    Feedback can be directed to the author, Art Manion.
    ______________________________________________________________________

    This document is available from:
    <http://www.cert.org/advisories/CA-2003-22.html>
    ______________________________________________________________________


    CERT/CC Contact Information

    Email: <>
    Phone: +1 412-268-7090 (24-hour hotline)
    Fax: +1 412-268-6989
    Postal address:
    CERT Coordination Center
    Software Engineering Institute
    Carnegie Mellon University
    Pittsburgh PA 15213-3890
    U.S.A.

    CERT/CC personnel answer the hotline 08:00-17:00 EST(GMT-5) /
    EDT(GMT-4) Monday through Friday; they are on call for emergencies
    during other hours, on U.S. holidays, and on weekends.

    Using encryption

    We strongly urge you to encrypt sensitive information sent by email.
    Our public PGP key is available from

    <http://www.cert.org/CERT_PGP.key>

    If you prefer to use DES, please call the CERT hotline for more
    information.

    Getting security information

    CERT publications and other security information are available from
    our web site

    <http://www.cert.org/>

    To subscribe to the CERT mailing list for advisories and bulletins,
    send email to <>. Please include in the body of your
    message

    subscribe cert-advisory

    * "CERT" and "CERT Coordination Center" are registered in the U.S.
    Patent and Trademark Office.
    ______________________________________________________________________

    NO WARRANTY
    Any material furnished by Carnegie Mellon University and the Software
    Engineering Institute is furnished on an "as is" basis. Carnegie
    Mellon University makes no warranties of any kind, either expressed or
    implied as to any matter including, but not limited to, warranty of
    fitness for a particular purpose or merchantability, exclusivity or
    results obtained from use of the material. Carnegie Mellon University
    does not make any warranty of any kind with respect to freedom from
    patent, trademark, or copyright infringement.
    ______________________________________________________________________

    Conditions for use, disclaimers, and sponsorship information

    Copyright 2003 Carnegie Mellon University.

    Revision History

    August 26, 2003: Initial release



    End of signed message
    --
    (C) 2003 Hugh Lilly
    mail:
    blog: http://hugh.orcon.net.nz
    Registered Linux User # 295486, register @ http://counter.li.org
    Hugh Lilly, Aug 27, 2003
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.

Share This Page