Internet Explorer
I've tested this DoS on Internet Explorer 8; it does not significantly impact my system.
-----Original Message-----
From: MustLive [mailto:mustlive@websecurity.com.ua]
Sent: Sunday, July 19, 2009 10:33 AM
To: bugtraq@securityfocus.com
Subject: DoS vulnerabilities in Firefox, Internet Explorer, Opera and Chrome
Hello Bugtraq!
ZDI-11-289 : Microsoft Internet Explorer swapNode Handling Remote Code
Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-289
October 15, 2011
-- CVE ID:
CVE-2011-2000
ZDI-11-249: (Pwn2Own) Microsoft Internet Explorer Protected Mode Bypass Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-249
August 9, 2011
-- CVSS:
6.4, (AV:N/AC:L/Au:N/C:P/I:P/A:N)
-- Affected Vendors:
Hello Bugtraq!
I want to warn you about security vulnerability in different browsers.
-----------------------------
Advisory: DoS vulnerabilities in Firefox, Internet Explorer, Chrome and
Opera
-----------------------------
URL: http://websecurity.com.ua/4238/
-----------------------------
Affected products: Mozilla Firefox, Internet Explorer 6, Internet Explorer
Hello Bugtraq!
I want to warn you about File Download and Denial of Service vulnerabilities
in Mozilla Firefox, Internet Explorer, Google Chrome and Opera. Earlier I
already wrote about DoS vulnerabilities in different browsers via different
protocol handlers. And now I'll tell about research concerned with attacks
via protocols http and ftp which I made already in 2008 and published at
30.06.2010.
-----------------------------
======================================================================
Secunia Research 08/04/2008
- Internet Explorer Data Stream Handling Vulnerability -
======================================================================
Table of Contents
Affected Software....................................................1
Microsoft Internet Explorer DHTML Handling Remote Memory Corruption Vulnerability
2009.June.09
Fortinet's FortiGuard Global Security Research Team Discovers Memory Corruption Vulnerability in Microsoft's Internet Explorer.
Summary:
========
A memory corruption vulnerability exists in the DHTML handling of Microsoft's Internet Explorer which allows a remote attacker to compromise a system through a malicious site.
Impact:
IPB (http://websecurity.com.ua/1893/) via embedded flash files and released
fix for it in my MustLive Security Pack (http://websecurity.com.ua/1896/).
In 2008 there was found Cross-Site Scripting vulnerability in IPB
(http://securityvulns.ru/Tdocument862.html) via htm and html files in
attachments. It was concerned Internet Explorer, in which a code was
executing in context of the site (in Mozilla and Firefox a code was
executing locally). But as I checked at 12.12.2009, in Opera a code also is
executing in context of the site.
And recently there was found new XSS vulnerability in IPB
ZDI-11-198: (Pwn2Own) Microsoft Internet Explorer Uninitialized Variable Information Leak Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-198
June 14, 2011
-- CVSS:
7.5, (AV:N/AC:L/Au:N/C:P/I:P/A:P)
-- Affected Vendors:
Hello Bugtraq!
As I checked this DoS vulnerability today, it also works in IE7, besides
IE6.
Vulnerable version is Internet Explorer 7 (7.0.6000.16473) and previous
versions (and potentially next versions).
P.S.
Also I wrote to Ruben Reguero two days ago, and told him that it was strange
Jul 28, 2009
I. BACKGROUND
HTML+TIME (HTML Timed Interactive Multimedia Extensions) is a web
standard that was created for Microsoft Corp.'s Internet Explorer (IE)
to allow web page authors to create timed animation content on a web
page. This is accomplished using an XML like markup that makes use of
HTML+TIME properties and elements. Internet Explorer supports this
markup standard, and also exposes a scripting interface for interacting
with the HTML+TIME elements on the page. For more information, please
http://labs.idefense.com/intelligence/vulnerabilities/
Apr 12, 2011
I. BACKGROUND
Internet Explorer is a graphical web browser developed by Microsoft
Corp. that has been included with Microsoft Windows since 1995. For
more information about Internet Explorer, please visit the following
website:
http://www.microsoft.com/windows/internet-explorer/default.aspx
On 29 Sep 2008 19:59:55 -0000, UniquE@unique-key.org
<UniquE@unique-key.org> wrote:
> <!--
>
> MS Internet Explorer 7 Denial Of Service Exploit
>
> Type :
>
> Denial Of Service
>
<!--
MS Internet Explorer 7 Denial Of Service Exploit
Type :
Denial Of Service
Release Date :
> C:\> c:\windows\pchealth\helpctr\binaries\helpctr.exe -url "hcp://system/sysinfo/sysinfomain.htm?svr=<script defer>eval(unescape('Run%28%22calc.exe%22%29'))</script>"
> C:\>
>
> While this is fun, this isn't a vulnerability unless an untrusted third party
> can force you to access it. Testing suggests that by default, accessing an
> hcp:// URL from within Internet Explorer >= 8, Firefox, Chrome (and presumably
> other browsers) will result in a prompt. Although most users will click through
> this prompt (perfectly reasonable, protocol handlers are intended to be safe),
> it's not a particularly exciting attack.
>
> I've found a way to avoid the prompt in a default Windows XP installation in all
C:\> c:\windows\pchealth\helpctr\binaries\helpctr.exe -url "hcp://system/sysinfo/sysinfomain.htm?svr=<script defer>eval(unescape('Run%28%22calc.exe%22%29'))</script>"
C:\>
While this is fun, this isn't a vulnerability unless an untrusted third party
can force you to access it. Testing suggests that by default, accessing an
hcp:// URL from within Internet Explorer >= 8, Firefox, Chrome (and presumably
other browsers) will result in a prompt. Although most users will click through
this prompt (perfectly reasonable, protocol handlers are intended to be safe),
it's not a particularly exciting attack.
I've found a way to avoid the prompt in a default Windows XP installation in all
ZDI-11-119: (Pwn2Own) Microsoft Internet Explorer onPropertyChange Remote Code Execution Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-11-119
April 12, 2011
-- CVE ID:
CVE-2011-1345
-- CVSS:
> Hello Bugtraq!
>
> I want to warn you about security vulnerability in different browsers.
>
> -----------------------------
> Advisory: DoS vulnerabilities in Firefox, Internet Explorer, Chrome and
> Opera
> -----------------------------
> URL: http://websecurity.com.ua/4238/
> -----------------------------
> Affected products: Mozilla Firefox, Internet Explorer 6, Internet
Hello Bugtraq!
I want to warn you about security vulnerability in different browsers.
-----------------------------
Advisory: DoS vulnerabilities in Firefox, Internet Explorer, Chrome, Opera
and other browsers
-----------------------------
URL: http://websecurity.com.ua/4206/
-----------------------------
Affected products: Mozilla Firefox, Internet Explorer 6, Internet Explorer
http://labs.idefense.com/intelligence/vulnerabilities/
Dec 14, 2010
I. BACKGROUND
Internet Explorer is a graphical web browser developed by Microsoft
Corp. that has been included with Microsoft Windows since 1995. For
more information about Internet Explorer, please visit the following
website:
http://www.microsoft.com/ie/
==================
For a list of operating system and product versions affected, please see the Microsoft Security Advisory reference below.
Additional Information:
=======================
A remote attacker could craft a malicious HTML document which exploits Internet Explorer. The vulnerability lies in the default ActiveX Control installed by Microsoft Office. A crafted object may be created and passed to a method of this control that will cause memory corruption in Internet Explorer. After the corruption has occurred, a few specific actions will cause Internet Explorer to cause remote code execution through a call instruction.
Solutions:
==========
Use the workaround solution provided by Microsoft (973472).
The FortiGuard Global Security Research Team released a signature "MS.Office.Web.Components.Memory.Corruption", which covers this specific vulnerability.
google apps googleapps.url.mailto:// uri handler cross-browser remote command execution exploit (Internet Explorer)
by nine:situations:group::pyrokinesis
site: http://retrogod.altervista.org/
software site: http://pack.google.com/intl/it/pack_installer.html
tested against: Internet Explorer 8, windows xp sp3
Internet Explorer 7, windows xp sp3
Google Chrome 2.0.172.43
Microsoft Internet Explorer DoS in Rendering Malicious PNG Files.
*Version Affected:*
IE 7 / IE 8 BETA
*Severity:*
Intermediate
*Background:*
Mshtml.dll is a standard library which is responsible for rendering
-----Original Message-----
From: MustLive [mailto:mustlive@websecurity.com.ua]
Sent: Sunday, November 14, 2010 6:54 PM
To: bugtraq@securityfocus.com
Subject: Saved XSS vulnerability in Internet Explorer
Hello Bugtraq!
I want to warn you about Cross-Site Scripting vulnerability in Internet
Explorer. This is Post Persistent XSS (Save XSS)
> [mailto:full-disclosure-bounces@lists.grok.org.uk] On Behalf Of Aditya K
> Sood
> Sent: 17 August 2007 09:07
> To: full-disclosure@lists.grok.org.uk; bugtraq@securityfocus.com;
> websecurity@webappsec.org; Steven M. Christey
> Subject: [Full-disclosure] SecNiche : Microsoft Internet Explorer Pop up
> Blocker Bypassing and Dos Vulnerability
>
> Advisory : Microsoft Internet Explorer Pop up Blocker Bypassing and Dos
> Vulnerability
>
[mailto:full-disclosure-bounces@lists.grok.org.uk] On Behalf Of Aditya K
Sood
Sent: 17 August 2007 09:07
To: full-disclosure@lists.grok.org.uk; bugtraq@securityfocus.com;
websecurity@webappsec.org; Steven M. Christey
Subject: [Full-disclosure] SecNiche : Microsoft Internet Explorer Pop up
Blocker Bypassing and Dos Vulnerability
Advisory : Microsoft Internet Explorer Pop up Blocker Bypassing and Dos
Vulnerability
Check Point Software Technologies - Vulnerability Discovery Team (VDT)
http://www.checkpoint.com/defense/
Internet Explorer Uninitialized Memory Corruption Vulnerability
CVE-2010-3331 - MS10-071
INTRODUCTION
There exists a vulnerability within the way Internet Explorer handles specific objects that have not been correctly initialized or
http://labs.idefense.com/intelligence/vulnerabilities/
Dec 14, 2010
I. BACKGROUND
Internet Explorer is a graphical web browser developed by Microsoft
Corp. that has been included with Microsoft Windows since 1995. For
more information about Internet Explorer, please visit the following
website:
http://www.microsoft.com/ie/
ZDI-07-073: Microsoft Internet Explorer setExpression Code Execution
Vulnerability
http://www.zerodayinitiative.com/advisories/ZDI-07-073.html
December 11, 2007
-- CVE ID:
CVE-2007-3902
-- Affected Vendor:
Microsoft
Chrome, Day of bugs in browsers, Day of bugs in browsers 2: reloaded (where
I released many different vulnerabilities in browsers, including DoS). And
in October 2008, for project Day of bugs in browsers 2, I released exploits
for blocking DoS with alertbox which affect many browsers ;-) (which you
mentioned in your letter). As you can find it in my post DoS in Firefox,
Internet Explorer and Google Chrome (http://websecurity.com.ua/2575/).
I showed three variants of this attack, to show possibilities of bypassing
browsers protection. This variant of exploit is not universal DoS - because
it doesn't work in all browsers. If you, John, didn't know, so I'll tell
you, that already in 2008 there were browsers which can block such attacks.