Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
|
|
|
|
|
|
|
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
|
|
|
|
Become a Partner and License Our Database or Notification Service
|
|
|
|
|
|
|
|
|
|
|
|
|
(Vendor Issues Fix) Microsoft Internet Explorer Various Cross-Domain Flaws Permit Remote Scripting in Arbitrary Domains
|
|
SecurityTracker Alert ID: 1009198 |
|
SecurityTracker URL: http://securitytracker.com/id/1009198
|
|
CVE Reference:
CVE-2003-0814, CVE-2003-0815, CVE-2003-0816
(Links to External Site)
|
Date: Feb 25 2004
|
Impact:
Disclosure of authentication information, Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, Modification of system information, Modification of user information
|
Fix Available: Yes Vendor Confirmed: Yes
|
Version(s): 5.01, 5.5, 6, 6 SP1
|
Description:
Several cross-domain scripting vulnerabilities were reported in Microsoft Internet Explorer (IE). A remote user can cause arbitrary scripting to be executed in an arbitrary security domain.
Liu Die Yu reported multiple vulnerabilities in IE. A remote user can create HTML that, when loaded by the target user, will cause scripting code to be executed in a different domain (such as the Local Computer domain). The scripting code can access information related to the domain, potentially including cookies, files, and system commands.
Demonstration exploit examples are available at:
http://umbrella.mx.tc/
http://www.safecenter.net/liudieyu/
|
Impact:
A remote user can create HTML that will cause arbitrary scripting code to be executed in an arbitrary security domain on the target user's system when the target user loads the HTML.
|
Solution:
[Editor's note: On February 2, 2004, Microsoft issued MS04-004 that supercedes MS03-48. See the Message History for information on MS04-004.]
Microsoft has issued the following fixes as part of MS03-048:
Internet Explorer 6 Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=9D8543E9-0E2B-46C9-B6C6-12DE03860465&displaylang=en
Int ernet Explorer 6 Service Pack 1 (64-Bit Edition):
http://www.microsoft.com/downloads/details.aspx?FamilyId=35F99CF5-3629-4E0E-BF60-24845D2D20C9&displaylang=en
Inter net Explorer 6 Service Pack 1 for Windows Server 2003:
http://www.microsoft.com/downloads/details.aspx?FamilyId=7D0D02DD-8940-48E0-B163-3FCDCB558F21&displaylang=en
Internet Explorer 6 Service Pack 1 for Windows Server 2003 (64-Bit Edition):
http://www.microsoft.com/downloads/details.aspx?FamilyId=8BEFA1EC-0C48-4B65-989D-58B0CE1E6 F95&displaylang=en
Internet Explorer 6:
http://www.microsoft.com/downloads/details.aspx?FamilyId=4C4D22F0-FBF7-4EA6-9CC2-27D104D4198E&displaylang=en
Internet Explorer 5.5 Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=E438AFD4-DF70-448C-8925-1075C8BE6C5E&displaylang=en
Internet Explorer 5.01 Service Pack 4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=C15E2DB3-14E2-43A4-A1A1-676374B66517&displaylang=en
Internet Explorer 5.01 Service Pack 3:
http://www.microsoft.com/downloads/details.aspx?FamilyId=F4853D8F-F66C-4D8A-9979-3B4F540F90A8&displaylang=en
Internet Explorer 5.01 Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=221616D4-5893-4DA4-A223-B0DE548D6D83&displaylang=en
This cumulative update replaces the cumulative update that was described in MS03-040.
This update also sets the kill bit on the some ActiveX controls, including the Windows Trouble Shooter (Tshoot.ocx), the Symantec RuFSI Registry Information Class (Rufsi.dll), and the RAV Online Scanner (Ravonine.cab). See the advisory for the CLSID numbers.
See the Microsoft advisory for a list of workarounds and a description of installation options:
http://www.microsoft.com/technet/security/bulletin/MS03-048.asp
|
Vendor URL: www.microsoft.com/technet/security/bulletin/MS03-048.asp (Links to External Site)
|
Cause:
Access control error, State error
|
Underlying OS:
Windows (Any)
|
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Tue, 11 Nov 2003 17:55:45 -0500
Subject: MS03-048
|
http://www.microsoft.com/technet/security/bulletin/MS03-048.asp
Microsoft Security Bulletin MS03-048
Cumulative Security Update for Internet Explorer (824145)
Issued: November 11, 2003
Version: 1.0
Impact of Vulnerability: Remote Code Execution
Maximum Severity Rating: Critical
CVE: CAN-2003-0814, CAN-2003-0815, CAN-2003-0816, CAN-2003-0817, CAN-2003-0823
Affected Versions:
* Internet Explorer 6 Service Pack 1
* Internet Explorer 6 Service Pack 1 (64-Bit Edition)
* Internet Explorer 6 Service Pack 1 for Windows Server 2003
* Internet Explorer 6 Service Pack 1 for Windows Server 2003 (64-Bit Edition)
* Internet Explorer 6
* Internet Explorer 5.5 Service Pack 2
* Internet Explorer 5.01 Service Pack 4
* Internet Explorer 5.01 Service Pack 3
* Internet Explorer 5.01 Service Pack 2
Affected Operating Systems:
* Microsoft Windows 98
* Microsoft Windows 98 Second Edition
* Microsoft Windows Millennium Edition
* Microsoft Windows NTŪ Workstation 4.0 Service Pack 6a
* Microsoft Windows NT Server 4.0 Service Pack 6a
* Microsoft Windows NT Server 4.0 Terminal Server Edition, Service Pack 6
* Microsoft Windows 2000 Service Pack 2, Service Pack 3, Service Pack 4
* Microsoft Windows XP, Microsoft Windows XP Service Pack 1
* Microsoft Windows XP 64-Bit Edition
* Microsoft Windows XP 64-Bit Edition Version 2003
* Microsoft Windows ServerŪ 2003
* Microsoft Windows Server 2003, 64-Bit Edition
Microsoft issued a cumulative security update for Internet Explorer 5.01, 5.5, and 6.0.
The advisory included five new vulnerabilities:
* ExecCommand Cross Domain Vulnerability: CAN-2003-0814
* Function Pointer Override Cross Domain Vulnerability: CAN-2003-0815
* Script URLs Cross Domain Vulnerability: CAN-2003-0816
* XML Object Vulnerability: CAN-2003-0817
* Drag-and-Drop Operation Vulnerability: : CAN-2003-0823
Microsoft has issued the following fixes:
Internet Explorer 6 Service Pack 1:
http://www.microsoft.com/downloads/details.aspx?FamilyId=9D8543E9-0E2B-46C9-B6C6-12DE03860465&
;displaylang=en
Internet Explorer 6 Service Pack 1 (64-Bit Edition):
http://www.microsoft.com/downloads/details.aspx?FamilyId=35F99CF5-3629-4E0E-BF60-24845D2D20C9&
;displaylang=en
Internet Explorer 6 Service Pack 1 for Windows Server 2003:
http://www.microsoft.com/downloads/details.aspx?FamilyId=7D0D02DD-8940-48E0-B163-3FCDCB558F21&
;displaylang=en
Internet Explorer 6 Service Pack 1 for Windows Server 2003 (64-Bit Edition):
http://www.microsoft.com/downloads/details.aspx?FamilyId=8BEFA1EC-0C48-4B65-989D-58B0CE1E6F95&
;displaylang=en
Internet Explorer 6:
http://www.microsoft.com/downloads/details.aspx?FamilyId=4C4D22F0-FBF7-4EA6-9CC2-27D104D4198E&
;displaylang=en
Internet Explorer 5.5 Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=E438AFD4-DF70-448C-8925-1075C8BE6C5E&
;displaylang=en
Internet Explorer 5.01 Service Pack 4:
http://www.microsoft.com/downloads/details.aspx?FamilyId=C15E2DB3-14E2-43A4-A1A1-676374B66517&
;displaylang=en
Internet Explorer 5.01 Service Pack 3:
http://www.microsoft.com/downloads/details.aspx?FamilyId=F4853D8F-F66C-4D8A-9979-3B4F540F90A8&
;displaylang=en
Internet Explorer 5.01 Service Pack 2:
http://www.microsoft.com/downloads/details.aspx?FamilyId=221616D4-5893-4DA4-A223-B0DE548D6D83&
;displaylang=en
This cumulative update replaces the cumulative update that was described in MS03-040.
This update also sets the kill bit on the some ActiveX controls, including the Windows
Trouble Shooter (Tshoot.ocx), the Symantec RuFSI Registry Information Class (Rufsi.dll),
and the RAV Online Scanner (Ravonine.cab). See the advisory for the CLSID numbers.
See the Microsoft advisory for a list of workarounds and a description of installation
options:
http://www.microsoft.com/technet/security/bulletin/MS03-048.asp
|
|
Go to the Top of This SecurityTracker Archive Page
|
