Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

New Ie Unpatched Outerhtml And Hta Vulnerabilities


  • Please log in to reply
No replies to this topic

#1 harrywaldron

harrywaldron

    Security Reporter


  • Members
  • 509 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Roanoke, Virginia
  • Local time:01:42 PM

Posted 28 June 2006 - 05:04 AM

1) An error in the handling of redirections can be exploited to access documents served from another web site via the "object.documentElement.outerHTML" property.

2) An error in the handling of file shares can be exploited to trick a user into executing a malicious HTA application via directory traversal attacks in the filename. Successful exploitation requires some user interaction.

The vulnerabilities have been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2. Other versions may also be affected.

Solution:
1) Disable Active Scripting support.
2) Filter Windows file sharing traffic.

ISC Testing Note: Regarding the second vulnerability, what's interesting is that we were able to reproduce this even when using Mozilla FireFox.


These are rated as a "moderate risk" and proof-of-concept exploits have been developed.

New IE unpatched OuterHTML and HTA vulnerabilities
http://secunia.com/advisories/20825/
http://www.incidents.org/diary.php?storyid=1448
http://www.frsirt.com/english/advisories/2006/2553

BC AdBot (Login to Remove)

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users