goBigtime

http://www.computerworld.com.au/inde...16298&eid=-255



Internet Explorer carved up by zero-day hole

Kieren McCarthy, Techworld.com

09/06/2004 08:28:25

Two new vulnerabilities have been discovered in Internet Explorer which allow a complete bypass of security and provide system access to a computer, including the installation of files on someone's hard disk without their knowledge, through a single click.

Worse, the holes have been discovered from analysis of an existing link on the Internet and a fully functional demonstration of the exploit have been produced and been shown to affect even fully patched versions of Explorer.

It has been rated "extremely critical" by security company Secunia, and the only advice is to disable Active Scripting support for all but trusted websites.

The discovery stems from Dutch researcher Jelmer who was sent an Internet link which he was warned used unknown Explorer vulnerabilities to install adware on his computer. He found it did and embarked on a detailed analysis of the link, which demonstrates an extremely sophisticated use of encrypted code to bypass the Web browser's security.

In simple terms, the link uses an unknown vulnerability to open up a local Explorer help file -- ms-its:C:\WINDOWS\Help\iexplore.chm::/iegetsrt.htm. It delays executing anything immediately but instead uses another unknown vulnerability to run another file which in turn runs some script. This script is then used to run more script. And finally that script is used to run an exploit that Microsoft Corp. has been aware of since August 2003 but hasn't patched.

That exploit -- Adodb.stream -- has not been viewed as particularly dangerous, since it only works when the file containing the code is present on the user's hard disk. The problem comes in the fact that the Help file initially opened is assumed to be safe since it is a local file and so has minimal security restrictions.

By using the unknown exploits, code is installed within the help file window, all security efforts are bypassed, and the Adodb.stream exploit is then used to download files on the Internet direct to the hard disk.

What this means in reality is that if you click on a malicious link in an email or on the Internet, a malicious user can very quickly have complete control of your PC. And there is no patch available. You can see it happen by click here.

With the code already available on the Net, this is effectively a security nightmare ... unless you're a Mozilla or Opera user that is.

loverboy

nothing beats Netscape

IE sucks

AMADude

Fuck IE.
I use Mozilla.

__________________
No sig, just here to fuck around.

AvanteGuard

Except FireFox

__________________
Looking for Fast Professional Programming? http://www.imadigan.com
ICQ: 314-942-262 | MSN/Email: [email protected]

Juicy D. Links

great

Veterans Day

auto windows update, really simple.......NEXT

__________________
Build a Massive Traffic Network, Hands FREE, Totally Automated

Dirty F

Theres a new exploit like this every month...use IE and you are never safe.

M_M

Microsoft supports spyware

I dont see other logical explanation to them not fixing known security holes for months

Jace

windows update...why the fuck do people have a problem with updating? every time there is a new update, a little icon appears in my task tray and I get the update...how hard is that?

TheSwed

__________________

Cheap Viagra and Cialis Erectionpills

skillfull

use firefox or opera
still using IE is just being idiot

__________________
mind at underdark dot cc
SEO Analyst
Thunder-Ball.net - Member

Veterans Day

I know IE consumes 99% of my traffic

__________________
Build a Massive Traffic Network, Hands FREE, Totally Automated

strobi

exploiters are making tons of money again! hurray!!

AnalProbe

IE 3.0 works fine for me.

Helix

And finally that script is used to run an exploit that Microsoft Corp. has been aware of since August 2003 but hasn't patched.

so much for update

goBigtime

Wtf are you NEXT'ing about? Can't you read?

Sambo

Went to firefox a couple of weeks ago......

Will never use IE again!!

goBigtime

Be sure to get the googlebar at http://googlebar.mozdev.org & tweak it how you like it.

The mozilla googlebar has a ton of cool one-click goodies on it like image searching, google groups, google news, dictionary & thesaurus lookups, page translation, backlinks etc.

You have to play with it a little to get it setup nice though.

I have 3 toolbar strips total on mine...





Notice the instant useragent switcher .... so you can make yourself look like a search engine spider & look at peoples pages how they want them to appear for the SE's :graucho

Sambo

Thanks.... I was looking for one of those!!

goBigtime

I don't use that UA switcher all the time though... I can't stand more than 3 toolbars and I use that precious little space for my quick site links / bookmarks.

To get it down to 3 functional strips like that I moved all the bookmarks to that toolbar and then disabled the bookmark toolbar. (in... view | toolbars )




Btw... middle-click on any link to open a new tab!
(and middle click on the tab to close it)

Sambo

Great tip.....

Thanks again!!

submitter

how many of you have buyed windows?
i, no.

__________________
* lesbian thumb tgp/mgp:looking for trades
* submit your lesbian galleries here
* simple php programing on the cheap
* icq:158726131

jwerd

I am so happy I switched my mail client and browser to Firebird and Firefox So much better.

__________________
Yii Framework Guru - Seasoned PHP vet - Partner @ XXXCoupon.com

nofx

and this is why i love and use Opera, www.opera.com

__________________

HarryHo

jESUS CHRIST all the idiots respond again

HELLO MORONS .

NETSCAPE HAS NO SECURITY
FIRECHEESE/OPERA HAS NO SECURITY and isn't even functional

I will tell you the difference between your cheesy fucked up browsers and i.e.

Internet explorer runs updates regularly to patch holes.

This hole isnt new , i have been using it for months.

Firefox and netscape are the swiss cheese of the browser industry.

I.e. is the whipping post for the browser industry.

Anyone who is a webmaster and tells you they dont use i.e. is full of shit or very very poor. They may not use it very often , but if they dont use it they don't know what everyone else is seeing..

Suprise Suprise nobody like i.e. , but its better than your browser

BTW the same holes exist as the holes explained in the article in both opera and netscape, they just don't report them because they don't plan on patching them.

__________________
I sale Cheap organs

Theo

someone send this thread to Hooper

HarryHo

btw if anyone wants to see a sample of this security hole i would be glad to show you how it works..

__________________
I sale Cheap organs

DamageX

Don't tell me that you're so stupid that after reading that text you still think windows update will fix that hole?

__________________

Sambo

I updated IE every day.... if an update was available

Every day IE was rendered useless by some crap spyware etc.....

I have been using FireFox for 2 weeks without a single problem

A simple fact

If I am building sites I always veiw them in IE..... but so far I have never seen a difference between IE and FireFox rendering of my pages.... again a simple fact

DamageX

Why do you think that is, Einstein? Nobody bothers creating exploits for Mozilla and Opera, because they have so small market shares. It's not like everybody's out to fuck it up for MS. It's all business. Moron.

__________________

AlienQ - BANNED FOR LIFE

Fuck that, delete the thread already just incase.

__________________

Sambo

I know the reason for it......

But it dosnt change the fact that I dont have problems!!!!

And thats the important thing..... moron

jimmyf

I was also

thanks

__________________
Epic CashEpic Cash works for me
Solar Cash Paysite Plugin
Gallery of the day freesites,POTD,Gallery generator with free hosting

jimmyf

go buy it then.

__________________
Epic CashEpic Cash works for me
Solar Cash Paysite Plugin
Gallery of the day freesites,POTD,Gallery generator with free hosting

goBigtime

Actually, FireFox & Mozilla are open-source community based projects contributed to by people all over the world. If a vulnerability is discovered, they get fixed pronto.


Note that he's not talking about open source Mozilla / FireFox.

Otherwise it would be even more clear that he doesn't understand how open source communities work. "They just don't report them..." there are no big bug-suppression conspiracies like that in open source. It sort of defeats the purpose.


Anyway you can test various browsers here and see how they compare http://bcheck.scanit.be/bcheck

Manowar

Firefox, its whats for breakfast

HarryHo

Guess what the farmer sad when the cow died...?

" gee thats the first time she has ever done that "

__________________
I sale Cheap organs

jimmyf

this correct.

__________________
Epic CashEpic Cash works for me
Solar Cash Paysite Plugin
Gallery of the day freesites,POTD,Gallery generator with free hosting

DamageX

__________________

jimmyf

And i might add.

this is correct.

__________________
Epic CashEpic Cash works for me
Solar Cash Paysite Plugin
Gallery of the day freesites,POTD,Gallery generator with free hosting

Sambo

Well the cow is fit and well at the moment.....

Which is better than I can say for that lame duck I was using

goBigtime

Not that I rely on online browser based security tests to tell me if I'm "secure" or not,

...but for shits & giggles, here are my results from:

http://bcheck.scanit.be/bcheck


Browser Security Test Results

Dear Customer,

The Browser Security Test is finished. Please find the results below:
High Risk Vulnerabilities 0
Medium Risk Vulnerabilities 0
Low Risk Vulnerabilities 0


FireFox here.

jimmyf

guess what?

you be hard headed, keep on using IE.
more power 2 you.

because I don't think it smart, but that's just me.

I never have and never will use Outlook, used and still check my pages with IE.

__________________
Epic CashEpic Cash works for me
Solar Cash Paysite Plugin
Gallery of the day freesites,POTD,Gallery generator with free hosting

goBigtime

bump

winter

I.E. 6.0, Googlebar, and norton internet security. SUCK IT OPERA/NUTSCRAPE BITCHES



The Browser Security Test is finished. Please find the results below:

High Risk Vulnerabilities 0
Medium Risk Vulnerabilities 0
Low Risk Vulnerabilities 0

Holly

FWIW, I run IE 6, Norton, and Zonealarm, and I got the same results. I wonder if anyone with IE has had vulnerabilities to show up. And if so, does it actually tell you what to do to fix them or give you links to the patches? Or is it a "pay us/buy our software and we'll tell you the fix" deal?

My wmp opened, I got a download box, and a bunch of other crap, so I was surprised I passed.

__________________
War National Damn Champions Eagle

AdultNex

That won't work for some cloaked pages.

Just changing the useragent will do nothing.

cluck

It's not new. Sorry.

__________________
icq 279990726
www.mcdonalds.com <- great money making opportunity

Elli

Just for fun I turned off ZoneAlarm and ran only mozilla 1.6. And this is what I got:

The Browser Security Test is finished. Please find the results below:
High Risk Vulnerabilities 0
Medium Risk Vulnerabilities 0
Low Risk Vulnerabilities 0

__________________
email: [email protected]

Diligent

With Firefox, the only crap I may have to put up with is JS window-resizing..

HarryHo seems quite familiar with the mentioned exploit... Makes You wonder
if he isn't making coin on it

Also.. he seems to be enough of a moron to believe he can convert us non-IE's
back from the safer gear..

__________________