Re: APPS: Internet Explorer Security Hole

Lucas Parra (lucas@humanism.org)
Sat, 17 Jan 1998 12:46:40 -0500


As followup check out your Internet Explorer with:

http://l0pht.com/advisories/mkbug40.html
http://l0pht.com/advisories/mkbug401.html

:-)

Lucas

-- 
----------------------------------------------- www.humanism.org/~lucas
Information is the ultimate product of human activity. Create it, store 
it, use it, but never own it. Intellectual property is public property.
-----------------------------------------------------------------------

> Date: Fri, 16 Jan 1998 18:08:33 +0000 > Reply-To: waynef@cyberenet.net > Sender: owner-CU-SEEME-L@cornell.edu > Precedence: bulk > From: Wayne Fisher <waynef@cyberenet.net> > Mime-Version: 1.0 > Content-Type: text/plain; charset=us-ascii > Content-Transfer-Encoding: 7bit > X-Sender: wfisher@cyberenet.net > X-To: Bitnet Help-Net <help-net@listserv.temple.edu>, > Windows 95 Help List <win95-l@peach.ease.lsoft.com>, > Internet Explorer Listserv <ie4@memphis97.com>, > CUSeeMe Listserv <CU-SEEME-L@cornell.edu> > X-PH: V4.1@cornell.edu (Cornell Modified) > X-Mailer: Mozilla 3.0 (X11; U; HP-UX B.10.01 9000/730) > X-Listprocessor-Version: 7.2(a) -- ListProcessor by CREN > > The following article is quoted from PC World Online... > > Just thought I should pass the info on.... > > - Wayne > > > Hacker Discovers New Way to Exploit IE > Security Bug > by Brian McWilliams, PC World News Radio > January 15, 1998 > > The tight integration of Internet Explorer with Windows is being > blamed for a new browser security flaw discovered Wednesday. > > A Massachusetts college student and hacker named Dildog has > released the source code for an attack that in some circumstances > causes IE4 and IE4.01 to crash and then execute any attached binary > code. > > It's a new version of the RES bug discovered by Dildog in November, > different only in that it's launched with a URL that begins with "mk" > instead of one that begins with "res". And it affects not only Windows > 95 machines, but NT systems as well. > > Dildog told NewsRadio that IE4's buffer overflows when it encounters > a Web page or an HTML e-mail message with the appropriate URL. > That causes the browser to page-fault and then, in some cases, to run > any binary code that's appended to the URL. > > "Anything that uses mshtml.dll, or particularly urlmon.dll" is > vulnerable, > says Dildog. "Since IE is so integrated, almost all the apps that > Microsoft writes end up using mshtml and urlmon...so they're all > vulnerable." > > A demo of the attack, which is available on the Web, causes some > Windows 95 and NT machines to crash and download what Dildog > says is a small, harmless file to your hard drive, which then > automatically executes. Microsoft has not yet commented on the bug. > > According to Dildog, there's currently no way for IE4 users to avoid the > flaw, other than to use a different browser. He says there seems to be > "a pattern of coding carelessness on the part of the IE4 people who > wrote that particular section--it's happened twice in the same area. If > there are any more [security holes] in there, how long is it going to be > before people wise up?" >