Home page logo

bugtraq logo Bugtraq mailing list archives

Re: EEYE: Internet Explorer Object Data Remote Execution Vulnerability
From: Nerijus Krukauskas <nk99 () delfi lt>
Date: Fri, 22 Aug 2003 11:27:33 +0300

Marc Maiffret wrote:
Internet Explorer Object Data Remote Execution Vulnerability

Release Date:
August 20, 2003

Reported Date:
May 15, 2003

High (Remote Code Execution)

Systems Affected:
Microsoft Internet Explorer 5.01
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6.0
Microsoft Internet Explorer 6.0 for Windows Server 2003

eEye Digital Security has discovered a security vulnerability in Microsoft's
Internet Explorer that would allow executable code to run automatically upon
rendering malicious HTML.

This is a flaw in Microsoft's primary contribution to HTML, the Object tag,
which is used to embed basically all ActiveX into HTML pages. The parameter
that specifies the remote location of data for objects is not checked to
validate the nature of the file being loaded, and therefore trojan
executables may be run from within a webpage as silently and as easily as
Internet Explorer parses image files or any other "safe" HTML content.

This attack may be utilized wherever IE parses HTML, including web sites,
e-mail, newsgroups, and within applications utilizing web-browsing


In case anyone needs a SNORT rule to catch attempts to exploit this vulnerability:

alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any (msg:"Internet Explorer Object Data Remote Execution Vulnerability"; \
        content:"F935DC22-1CF0-11D0-ADB9-00C04FD58A0B"; \
        nocase; flow:from_server, established; \
        reference:cve,CAN-2003-0532; \
        classtype:web-application-activity; rev:1;)

  Any improvements and suggestions to this rule are highly welcomed.

NK @ Vilnius

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]