More IE Vulnerabilities Discovered Trio of Vulnerabilities Reported in Recent Days Sean Michael Kerner
Once again, the specter of critical vulnerabilities in the world's most dominant Web browser has risen. A trio of vulnerabilities has been reported in recent days, further exposing Microsoft Internet Explorer (IE) users to the risk of potential attack from malicious users.
Late Tuesday, German Security Researcher Benjamin Tobias Franz reported a URL spoofing bug with iframes in IE. When exploited, the bug permits a faked target address to be shown in the status bar window.
"Successful exploitation allows a malicious Web site to obfuscate URLs in the status bar, even when JavaScript support has been disabled," according to a note on the BugTraq site.
Security researcher Gilbert Verdian reported the same bug in Apple's Safari Web browser running on OS X.
A Microsoft spokesperson told internetnews.com that the company had not been made aware of any active exploits of the reported vulnerabilities or customer impact at this time, but that it is aggressively investigating the public reports.
"Upon completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a fix through our monthly release process or an out-of-cycle security update, depending on customer needs," the spokesperson said.
Security firm Secunia is also reporting an "extremely critical" Internet Explorer IFRAME Buffer Overflow Vulnerability. A working exploit is out in the wild already that can potentially lead to execution of arbitrary code on a user's PC.
"The vulnerability is caused due to a boundary error in the handling of certain attributes in the IFRAME HTML tag," Secunia's advisory states. "This can be exploited to cause a buffer overflow via a malicious HTML document containing overly long strings in the "SRC" and "NAME" attributes of the IFRAME tag."
As with the URL spoofing issue, Windows XP SP2 users are not at risk. However, users running XP without SP2 or those running a non-XP Windows OS (like Windows 2000) are at risk.
XP SP2 users, however, are still not out of the woods. A new variant of the drag and drop vulnerability was reported by Iranian security researcher Roozbeh Afrasiabi.
This time the vulnerability has been used to bypass local zone security restrictions in order to expose cross-zone and cross-domain scripting vulnerabilities.
"A security site/zone restriction error, where an embedded HTML Help control, e.g. a malicious Web site, references a specially crafted index (.hhk) file,
can execute local HTML documents or inject arbitrary script code in context of a previous loaded document using a malicious JavaScript URI handler," according to the Secunia advisory.
Microsoft's spokesperson downplayed any potential impact from this particular report, noting that the company has received no customer reports of impact at this time.
"An attacker would need to first entice the user to visit a specific Web site and then entice the user take a series of specific actions on the Web site, then reboot or log off before the attack could succeed without user action," the spokesperson explained.
The spokesperson also noted that customers who have applied the latest Internet Explorer update, MS04-038, can set the "Drag and Drop or copy and paste files" option in the Internet and intranet zone to "Disable" or "Prompt." Once this setting is changed, the attack described in the report will not succeed.
"With both of these issues, we continue to encourage customers to follow our Protect Your PC guidance of enabling a firewall, getting software updates, and installing anti-virus software," Microsoft's spokesperson said.
