!Patch for IE input validation error vulnerability...

Discussion in 'NZ Computing' started by Max Burke, Dec 19, 2003.

  1. Max Burke

    Max Burke Guest

    Posted because Microsoft in its 'wisdom' seems to believe this is not a
    critical vulnerability that requires urgent attention, despite the fact that
    it's being actively exploited and putting users at risk. There have been
    several high profile cases in Australia and New Zealand where this
    vulnerability was used to obtain user information from users being
    redirected to 'malicious' websites using this vulnerability...

    NOTE: The patch is NOT a Microsoft patch; it has been issued by an
    independent third party. Use at your own risk.
    Backup and/or run a system restore checkpoint on your systems BEFORE
    installing this patch. I have installed it on my system running XP HE and a
    fully updated/patched version of IE 6 without any problems...

    <quote>
    This patch addresses a vulnerability in Microsoft Internet Explorer that
    could allow Hackers and con-artists to display a fake URL in the address and
    status bars. The vulnerability is caused due to an input validation error,
    which can be exploited by including the "%01" and "%00" URL encoded
    representations after the username and right before the "@" character in an
    URL.

    Download patch at:
    http://www.openwares.org/index.php?...mid=&func=fileinfo&parent=folder&filecatid=17
    <end quote>

    --
    mlvburke@#%&*.net.nz
    Replace the obvious with paradise to email me.
    See Found Images at:
    http://homepages.paradise.net.nz/~mlvburke/
     
    Max Burke, Dec 19, 2003
    #1

  2. Max Burke

    Bret Guest

    On Fri, 19 Dec 2003 15:08:57 +1300, "Max Burke" <mlvburke@%$%#@.nz>
    wrote:

    >Posted because Microsoft in its 'wisdom' seems to believe this is not a
    >critical vulnerability that requires urgent attention, despite the fact that
    >it's being actively exploited and putting users at risk.


    Wow, Max criticizing MS.
     
    Bret, Dec 19, 2003
    #2

  3. Max Burke

    Max Burke Guest

    > Bret scribbled:

    >> Max Burke wrote:


    >> Posted because Microsoft in its 'wisdom' seems to believe this is
    >> not a critical vulnerability that requires urgent attention, despite
    >> the fact that it's being actively exploited and putting users at
    >> risk.


    > Wow, Max criticizing MS.


    When it's warranted......

    But you'll never see me bashing OSS/*nix and some sort of advocacy for
    Microsoft and Windows.....

    So here's what it does mean: Linux is a normal operating system; so is XP.
    Both have bugs, some major, some minor. Anyone who tells you that Linux is
    "inherently more secure" or "much less buggy" than XP simply isn't working
    from current facts. The reality is that bugs happen, even in Linux: Get over
    it.
    http://www.informationweek.com/story/IWK20030124S0013/4

    --
    mlvburke@#%&*.net.nz
    Replace the obvious with paradise to email me.
    See Found Images at:
    http://homepages.paradise.net.nz/~mlvburke/
     
    Max Burke, Dec 19, 2003
    #3
  4. Max Burke

    Max Burke Guest

    !Update: !Patch for IE input validation error vulnerability...

    Max Burke scribbled:

    I should have been more cautious when following this headline from the
    Melbourne Age... ;-)
    <quote>
    "Open source firm releases patch for IE spoofing flaw"
    http://www.theage.com.au/articles/2003/12/18/1071337072117.html
    <end quote>

    Latest recommendation: Don't install it, it has several 'serious' bugs and
    triggers AdAware warnings....

    Provided by 'tester' at the following link:
    http://www.openwares.org/index.php?option=com_simpleboard&Itemid=27&func=view&id=38&catid=9
    The bugs in the code are:

    /* memory leak */
    char *dest = (char *)malloc(256*sizeof(char));

    /* Unicode->ASCII conversion that doesn't do error checking */
    WideCharToMultiByte( CP_ACP, 0, (BSTR)url->bstrVal, -1, dest, 256, NULL, NULL );
    ....

    /* vulnerable arrays on the stack */
    char sFake[256];
    char sTrue[256];
    ....

    /* please overwrite the return address on the stack and execute my shellcode */
    strcpy(sFake,strstr(dest,"\2")+1);


    --
    mlvburke@#%&*.net.nz
    Replace the obvious with paradise to email me.
    See Found Images at:
    http://homepages.paradise.net.nz/~mlvburke/
     
    Max Burke, Dec 19, 2003
    #4
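
An added example, not part of the thread or of the openwares.org patch: a bounded replacement for the strcpy/strstr step criticised in post #4, together with a check for the userinfo pattern described in post #1. The function names, buffer sizes and sample inputs are assumptions made for illustration; the '\2' separator is taken from the quoted line.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: copy what follows the first `marker` byte of src into
 * out. Returns 0 on success, -1 if the marker is absent (strstr() would give
 * NULL there), -2 if the tail does not fit in out. */
int copy_after_marker(char *out, size_t outsz, const char *src, char marker)
{
    const char *p = strchr(src, marker);
    if (p == NULL)
        return -1;
    size_t n = strlen(p + 1);
    if (n >= outsz)
        return -2;             /* refuse rather than overflow or truncate */
    memcpy(out, p + 1, n + 1); /* n + 1 copies the terminating NUL too */
    return 0;
}

/* Hypothetical check: 1 if the userinfo part of url (authority text before
 * an '@') holds a raw control byte or a percent-encoded one (%00..%1F). */
int userinfo_has_control(const char *url)
{
    const char *a = strstr(url, "://");
    a = a ? a + 3 : url;
    size_t n = strcspn(a, "/?#"); /* the authority ends at the first of these */
    int seen = 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)a[i];
        if (c == '@' && seen)
            return 1;
        if (c < 0x20)
            seen = 1;
        else if (c == '%' && i + 2 < n && (a[i + 1] == '0' || a[i + 1] == '1')
                 && isxdigit((unsigned char)a[i + 2]))
            seen = 1;
    }
    return 0;
}

int main(void)
{
    char shown[256]; /* caller-sized buffer; sample inputs are constructed */
    int rc = copy_after_marker(shown, sizeof shown, "left\2right", '\2');
    printf("split rc=%d tail=%s\n", rc, rc == 0 ? shown : "(none)");
    printf("flagged=%d\n",
           userinfo_has_control("http://bank.example%01%00@other.example/"));
    return 0;
}
```

The copy helper reports a missing marker and an oversized tail as distinct errors, so the caller can leave the address bar untouched instead of writing past a fixed stack array.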
  5. Max Burke

    Gavin Tunney Guest

    On Fri, 19 Dec 2003 15:08:57 +1300, "Max Burke" <mlvburke@%$%#@.nz>
    wrote:

    >Posted because Microsoft in its 'wisdom' seems to believe this is not a
    >critical vulnerability that requires urgent attention, despite the fact that
    >it's being actively exploited and putting users at risk. There have been
    >several high profile cases in Australia and New Zealand where this
    >vulnerability was used to obtain user information from users being
    >redirected to 'malicious' websites using this vulnerability...
    >


    Care to post a link to some of these exploit cases Max?

    Cheers

    Gavin
     
    Gavin Tunney, Dec 19, 2003
    #5
  6. Max Burke

    Max Burke Guest

    Gavin Tunney scribbled:

    Paypal in the USA, the Westpac Email scam here in New Zealand, and several
    similar email scams in Australia......





    > On Fri, 19 Dec 2003 15:08:57 +1300, "Max Burke" <mlvburke@%$%#@.nz>
    > wrote:
    >
    >> Posted because Microsoft in its 'wisdom' seems to believe this is
    >> not a critical vulnerability that requires urgent attention, despite
    >> the fact that it's being actively exploited and putting users at
    >> risk. There have been several high profile cases in Australia and
    >> New Zealand where this vulnerability was used to obtain user
    >> information from users being redirected to 'malicious' websites
    >> using this vulnerability...
    >>

    >
    > Care to post a link to some of these exploit cases Max?
    >
    > Cheers
    >
    > Gavin


    --
    mlvburke@#%&*.net.nz
    Replace the obvious with paradise to email me.
    See Found Images at:
    http://homepages.paradise.net.nz/~mlvburke/
     
    Max Burke, Dec 20, 2003
    #6
  7. Max Burke

    Dumdedo Guest

    Re: !Patch for IE input validation error vulnerability...Very Buggy Patch.

    On Fri, 19 Dec 2003 15:08:57 +1300, "Max Burke" <mlvburke@%$%#@.nz> wrote:

    >Posted because Microsoft in its 'wisdom' seems to believe this is not a
    >critical vulnerability that requires urgent attention, despite the fact that
    >it's being actively exploited and putting users at risk. There have been
    >several high profile cases in Australia and New Zealand where this
    >vulnerability was used to obtain user information from users being
    >redirected to 'malicious' websites using this vulnerability...
    >
    >NOTE: The patch is NOT a Microsoft patch; it has been issued by an
    >independent third party. Use at your own risk.
    >Backup and/or run a system restore checkpoint on your systems BEFORE
    >installing this patch. I have installed it on my system running XP HE and a
    >fully updated/patched version of IE 6 without any problems...
    >
    ><quote>
    >This patch addresses a vulnerability in Microsoft Internet Explorer that
    >could allow Hackers and con-artists to display a fake URL in the address and
    >status bars. The vulnerability is caused due to an input validation error,
    >which can be exploited by including the "%01" and "%00" URL encoded
    >representations after the username and right before the "@" character in an
    >URL.
    >
    >Download patch at:
    >http://www.openwares.org/index.php?...mid=&func=fileinfo&parent=folder&filecatid=17
    ><end quote>




    Don't, it's full of bugs..

    http://www.theregister.com/content/55/34618.html
     
    Dumdedo, Dec 20, 2003
    #7