Next Page >>
IE browser
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/
Internet Explorer Dynamic OBJECT tag and URLMON sniffing vulnerabilities
1. *Advisory Information*
Title: Internet Explorer Dynamic OBJECT tag and URLMON sniffing
Hash: SHA1
~ Core Security Technologies - CoreLabs Advisory
~ http://www.coresecurity.com/corelabs/
Internet Explorer Zone Elevation Restrictions Bypass and Security Zone
Restrictions Bypass
*Advisory Information*
Hash: SHA1
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/corelabs/
Internet Explorer Security Zone restrictions bypass
1. *Advisory Information*
Title: Internet Explorer Security Zone restrictions bypass
A vulnerability was discovered in these three popular versions of AOL
Instant Messaging software, AIM 6.1 (and 6.2 beta), AIM Pro and AIM Lite,
which expose workstations running the IM clients and their users to
several immediate high-risk attack vectors. To support rendering of HTML
content, the vulnerable IM clients use an embedded Internet Explorer
server control. Unfortunately they do not properly sanitize the
potentially malicious input content to be rendered and, as a result, an
attacker might provide malicious HTML content as part of an IM message to
directly exploit Internet Explorer bugs or to target IE‟s security
configuration weaknesses.
A vulnerability was discovered in these three popular versions of AOL
Instant Messaging software, AIM 6.1 (and 6.2 beta), AIM Pro and AIM Lite,
which expose workstations running the IM clients and their users to
several immediate high-risk attack vectors. To support rendering of HTML
content, the vulnerable IM clients use an embedded Internet Explorer
server control. Unfortunately they do not properly sanitize the
potentially malicious input content to be rendered and, as a result, an
attacker might provide malicious HTML content as part of an IM message to
directly exploit Internet Explorer bugs or to target IE‟s security
configuration weaknesses.
http://labs.idefense.com/intelligence/vulnerabilities/
Dec 09, 2008
I. BACKGROUND
Internet Explorer is a graphical web browser developed by Microsoft
Corp. that has been included with Microsoft Windows since 1995. For
more information about Internet Explorer, please the visit following
website: http://www.microsoft.com/ie/
II. DESCRIPTION
http://labs.idefense.com/intelligence/vulnerabilities/
Feb 12, 2008
I. BACKGROUND
Internet Explorer is a graphical web browser developed by Microsoft
Corp. that has been included with Microsoft Windows since 1995. For
more information about Internet Explorer, visit following URL.
http://www.microsoft.com/ie/
http://labs.idefense.com/intelligence/vulnerabilities/
Dec 11, 2007
I. BACKGROUND
Internet Explorer is a graphical web browser developed by Microsoft
Corp. and included as part of Microsoft Windows since 1995. The
setExpression method is commonly used to assign a JavaScript expression
to a CSS or DHTML object within a web page. For more information, visit
the following URLs.
BLUE MOON SECURITY ADVISORY 2009-04
===================================
:Title: Remote Denial of Service in Internet Explorer
:Severity: Moderate
:Reporter: Blue Moon Consulting
:Products: Internet Explorer 7 and 8
:Fixed in: --
/*
This code is for a DLL that loads into Internet Explorer as a BHO and
modifies MSHTML.DLL in memory to render attempts to exploit this new
IE vulnerability inert. It does that by forcing a "controlled crash"
at a high address, instead of letting EIP reach an MSHTML-dependent
address that could fall within the heap-sprayable zone. It's not a
patch, or a "fix" in any pure sense -- it's just a mitigation.
The vulnerability details I've figured out are that
--------------------------------------------------
From: "MustLive" <mustlive@websecurity.com.ua>
Sent: Monday, May 31, 2010 9:33 PM
To: "Susan Bradley" <sbradcpa@pacbell.net>
Cc: <bugtraq@securityfocus.com>
Subject: Re: DoS vulnerabilities in Firefox, Internet Explorer, Chrome and
Opera
> Hello Susan and other readers, who replied to my previous advisory.
>
> Earlier I've already answered Vladimir, now I'd answer Susan and soon I'd
Neat PoC. However, this requires the users to have configured IE to run
Active-X content. On my test machines, I was prompted by the Browser
before the code ran. Surprisingly, CSA never stopped it.
I tested this on:
Internet Explorer 7 on Windows XP 32-bit w/ Cisco Security Agent
v5.0.0.176
Internet Explorer 7 on Vista 32-bit (no CSA)
Thanks,
1. copy msf_smb_weak_nonce.rb to
<METASPLOIT_DIR>/modules/exploits/windows/smb
2. Run setup_smb_weak_nonce.rb specifying the IP of the victim (e.g.:
ruby setup_smb_weak_nonce.rb 192.168.10.1). After collecting the nonces
the script will listen on port 445 for incoming SMB connections.
3. Run Internet Explorer and load 'conn.html'. This will produce 1000+
connections to the SMB server implemented by setup_smb_weak_noce.rb.
(Note 1: setup_smb_weak_nonce.rb needs to be run as root to be able to
listen on port 445/tcp)
(Note 2: If you load 'conn.html' with Internet Explorer and
Due to advantages of JS exploit for these vulnerabilities over non-JS
exploit, I wrote JavaScript exploits for these advisories and I'd write for
future advisories (but I'd be reminding about possibility of attacking
without JS). But soon I'll present one exploit also in "pure-iframe" version
(without JS) for Internet Explorer and other applications - in case when
small amount of iframes lead to crash.
> Thank you. Now if you could wait for patches before disclosing I'd be
> even happier.
----- Original Message -----
From: "Jeremiah Gowdy" <Jeremiah.Gowdy@freedomvoice.com>
To: "MustLive" <mustlive@websecurity.com.ua>; <bugtraq@securityfocus.com>
Sent: Monday, July 20, 2009 10:16 PM
Subject: RE: DoS vulnerabilities in Firefox, Internet Explorer, Opera and
Chrome
> I've tested this DoS on Internet Explorer 8, does not significantly impact
> my system.
I want to warn you about security vulnerabilities in different browsers.
With this advisory I'm continue my series of vulnerabilities in browsers,
which belong to group of DoS via protocol handlers.
-----------------------------
Advisory: DoS vulnerabilities in Firefox, Internet Explorer, Chrome and
Opera
-----------------------------
URL: http://websecurity.com.ua/4248/
-----------------------------
Affected products: Mozilla Firefox, Internet Explorer 6, Internet Explorer
Hello Bugtraq!
I want to warn you about Denial of Service vulnerabilities in Firefox,
Internet Explorer, Chrome and Opera. Which belong to type of DoS via
protocol handlers. Earlier I already wrote about DoS vulnerabilities in
Firefox, Internet Explorer, Chrome and Opera and DoS attacks on email
clients via protocol handlers. This new advisory will show you the situation
of browsers behavior with other protocol handlers.
All those who doubt that these DoS vulnerabilities in browsers and email
http://labs.idefense.com/intelligence/vulnerabilities/
Mar 30, 2010
I. BACKGROUND
Internet Explorer is a graphical web browser developed by Microsoft
Corp. that has been included with Microsoft Windows since 1995. For
more information about Internet Explorer, please the visit following
website:
http://www.microsoft.com/ie/
http://labs.idefense.com/intelligence/vulnerabilities/
Dec 08, 2009
I. BACKGROUND
Internet Explorer is a graphical web browser developed by Microsoft
Corp. that has been included with Microsoft Windows since 1995. For
more information about Internet Explorer, please the visit following
website: http://www.microsoft.com/ie/
II. DESCRIPTION
Hello Bugtraq!
I want to warn you about Denial of Service vulnerabilities in Internet
Explorer.
Today I additionally checked these vulnerabilities in IE and found that they
also work in IE7, besides IE6.
DoS vulnerabilities in Firefox, Internet Explorer and Opera
http://websecurity.com.ua/3130/
Action - For SMA v2.1, customers should download patch from Microsoft and install.
-------------------------------------------------
MS Patch - MS08-023 Security Update of ActiveX Kill Bits (948881)
Analysis - Possible security issue exists. Patch will run successfully.
Action - For SMA v2.1, customers should download patch from Microsoft and install.
Impacts only Internet Explorer 6 SP1 - Or - Internet Explorer 5.01 SP4
To determine your IE version check the IE help page.
-------------------------------------------------
MS Patch - MS08-024 Cumulative Security Update for Internet Explorer (947864)
Analysis - Possible security issue exists. Patch will run successfully.
Action - For SMA v2.1, customers should download patch from Microsoft and install.
Severity:
High (Code Execution)
Systems Affected:
Internet Explorer 6 SP1 - Windows 2000 SP4
Internet Explorer 6 SP1 - Windows XP SP1
Internet Explorer 6 SP2 - Windows XP SP2
Internet Explorer 6 SP1 - Windows Server 2003 SP1
Internet Explorer 6 SP2 - Windows Server 2003 SP2
Hello Bugtraq!
I want to warn you about File Download and Denial of Service vulnerabilities
in Mozilla Firefox, Internet Explorer, Google Chrome and Opera. Earlier I
already wrote about DoS vulnerabilities in different browsers via different
protocol handlers. And now I'll tell about research concerned with attacks
via protocols http and ftp which I made already in 2008 and published at
30.06.2010.
-----------------------------
> http://websecurity.com.ua
>
> ----- Original Message ----- From: "Susan Bradley" <sbradcpa@pacbell.net>
> To: "MustLive" <mustlive@websecurity.com.ua>; <bugtraq@securityfocus.com>
> Sent: Tuesday, May 18, 2010 8:38 PM
> Subject: Re: DoS vulnerabilities in Firefox, Internet Explorer, Chrome,
> Opera and other browsers
>
>
>> 16.05.2010 - found vulnerability.
>> 17.05.2010 - disclosed at my site.
Hello Bugtraq!
I want to warn you about security vulnerability in different browsers.
-----------------------------
Advisory: DoS vulnerabilities in Firefox, Internet Explorer, Chrome and
Opera
-----------------------------
URL: http://websecurity.com.ua/4238/
-----------------------------
Affected products: Mozilla Firefox, Internet Explorer 6, Internet Explorer
----- Original Message -----
From: "Susan Bradley" <sbradcpa@pacbell.net>
To: "MustLive" <mustlive@websecurity.com.ua>; <bugtraq@securityfocus.com>
Sent: Tuesday, May 18, 2010 8:38 PM
Subject: Re: DoS vulnerabilities in Firefox, Internet Explorer, Chrome,
Opera and other browsers
> 16.05.2010 - found vulnerability.
> 17.05.2010 - disclosed at my site.
IPB (http://websecurity.com.ua/1893/) via embedded flash files and released
fix for it in my MustLive Security Pack (http://websecurity.com.ua/1896/).
In 2008 there was found Cross-Site Scripting vulnerability in IPB
(http://securityvulns.ru/Tdocument862.html) via htm and html files in
attachments. It was concerned Internet Explorer, in which a code was
executing in context of the site (in Mozilla and Firefox a code was
executing locally). But as I checked at 12.12.2009, in Opera a code also is
executing in context of the site.
And recently there was found new XSS vulnerability in IPB
Jul 28, 2009
I. BACKGROUND
HTML+TIME (HTML Timed Interactive Multimedia Extensions)is a web
standard that was created for Microsoft Corp.'s Internet Explorer (IE)
to allow web page authors to create timed animation content on a web
page. This is accomplished using an XML like markup that makes use of
HTML+TIME properties and elements. Internet Explorer supports this
markup standard, and also exposes a scripting interface for interacting
with the HTML+TIME elements on the page. For more information, please
I've tested this DoS on Internet Explorer 8, does not significantly impact my system.
-----Original Message-----
From: MustLive [mailto:mustlive@websecurity.com.ua]
Sent: Sunday, July 19, 2009 10:33 AM
To: bugtraq@securityfocus.com
Subject: DoS vulnerabilities in Firefox, Internet Explorer, Opera and Chrome
Hello Bugtraq!
Hello Bugtraq!
As I checked this DoS vulnerability today, it also works in IE7, besides
IE6.
Vulnerable version is Internet Explorer 7 (7.0.6000.16473) and previous
versions (and potentially next versions).
P.S.
Also I wrote to Ruben Reguero two days ago, and told him that it was strange
Next Page>>
|
