Free Republic
Browse · Search
General/Chat
Topics · Post Article

Skip to comments.

Experts warn of trick to bypass IE download warnings
Computerworld ^ | JANUARY 14, 2005 | Paul Roberts

Posted on 01/14/2005 4:21:11 PM PST by holymoly

It could allow an attacker to download malicious content onto vulnerable PCs

(IDG NEWS SERVICE) A computer security researcher and an antivirus company are warning Microsoft Corp. customers about an unpatched hole in the company's Internet Explorer Web browser that could allow a remote attacker to bypass security warnings and download malicious content onto vulnerable systems.

The warnings came after the hole was identified on the Bugtraq Internet security discussion list by someone using the name "Rafel Ivgi." The hole affects Internet Explorer Version 6.0.0, including the version released with Windows XP Service Pack 2. The vulnerability allows malicious attackers to bypass warnings designed to inform users when a file is being passed to their computers using a specially-crafted HTML Web document.

Microsoft officials weren't immediately able to comment on the issue.

Security software company Symantec Corp. issued a vulnerability alert about the hole today and cited Ivgi, which also provided code proving that the hole existed.

According to the Bugtraq message and Symantec alert, an Internet Explorer feature designed to catch references to file downloads doesn't detect a particular HTML event, known as "onclick," when it's combined with the common HTML Body tag, which designates the beginning and ending of the main part of a Web page.

Malicious Internet users could use the onclick event in combination with another function called "createElement" to create an IFrame, or "inline frame," which is an HTML element that allows external objects to be inserted into another HTML document. Attackers could link the IFrame to a malicious Web page that downloaded a malicious file to the user's computer when the page was clicked on, without generating a warning in the Information bar, Cupertino, Calif.-based Symantec said.

There is no patch available for the new hole, and no specific exploit code is required to take advantage of the hole, Symantec said.

Internet Explorer users are advised to avoid links provided by unknown or untrusted sources in order to keep from being lured to a malicious Web site. They can also configure the browser to disable the execution of script code and active content, though doing so could have adverse effects on the way Internet Explorer functions, Symantec said.

The news comes just three days after Microsoft issued software patches for several serious Windows security holes and released a new tool that lets users remove malicious software from their PCs (see story), and at a time of increasing competition in the Web browser market from The Mozilla Foundation's Firefox browser.

On Tuesday, the software company published security bulletins and patches for two critical holes, one in the Windows HTML Help system and the other in Windows code that handles cursor, animated cursor and icon formats.


TOPICS: Computers/Internet
KEYWORDS: browser; computersecurity; explorer; internet; microsoft; spyware
Surfing with MSIE is like playing Rusian Roulette.
1 posted on 01/14/2005 4:21:18 PM PST by holymoly
[ Post Reply | Private Reply | View Replies]

To: holymoly
Surfing with MSIE is like playing Rusian Roulette.

Horse puckey.
At least you have a chance, with Russian Roulette.

2 posted on 01/14/2005 4:24:01 PM PST by Izzy Dunne (Hello, I'm a TAGLINE virus. Please help me spread by copying me into YOUR tag line.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: holymoly

Who's going to ping Bush2000 for the usual Baghdad Bob defense of the Death Star?


3 posted on 01/14/2005 4:29:26 PM PST by IncPen (Beware the fury of a patient man.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: IncPen
Ostrich
4 posted on 01/14/2005 4:31:56 PM PST by holymoly (About:Blank)
[ Post Reply | Private Reply | To 3 | View Replies]

To: holymoly

Thanks to FReepers, I am now using Firefox.


5 posted on 01/14/2005 4:32:44 PM PST by Bahbah
[ Post Reply | Private Reply | To 1 | View Replies]

To: IncPen

Yeah, and then there are those of us who have to use IE, because some of the sites our company uses for e-commerce require IE. Very frustrating.

If it were up to me, every single PC on our network would have Firefox.


6 posted on 01/14/2005 4:39:07 PM PST by stylin_geek (Liberalism: comparable to a chicken with its head cut off, but with more spastic motions)
[ Post Reply | Private Reply | To 3 | View Replies]

To: Bahbah
Took a little while for me to warm up to it, but I'm sold!

Firefox RULES!

7 posted on 01/14/2005 4:56:35 PM PST by martin_fierro (</pith>)
[ Post Reply | Private Reply | To 5 | View Replies]

To: ShadowAce; backhoe; Ernest_at_the_Beach

tech bump


8 posted on 01/14/2005 7:26:16 PM PST by JoJo Gunn (More than two lawyers in any Country constitutes a terrorist organization. ©)
[ Post Reply | Private Reply | To 1 | View Replies]

To: martin_fierro

Firefox does rock...I do really like this browser...I have not use IE since I downloaded Firefox.....I even changed themes..how cool!


9 posted on 01/14/2005 7:50:35 PM PST by scoastie
[ Post Reply | Private Reply | To 7 | View Replies]

To: Bahbah

And how is it going?


10 posted on 01/14/2005 8:50:23 PM PST by Ernest_at_the_Beach (A Proud member of Free Republic ~~The New Face of the Fourth Estate since 1996.)
[ Post Reply | Private Reply | To 5 | View Replies]

To: martin_fierro
For true peace of mind , now move your browsing machine to Xandros V3, (It's an easy Linux install, has Firefox 1.0 as an option.....and has a Firewall.
11 posted on 01/14/2005 8:55:05 PM PST by Ernest_at_the_Beach (A Proud member of Free Republic ~~The New Face of the Fourth Estate since 1996.)
[ Post Reply | Private Reply | To 7 | View Replies]

To: martin_fierro

Get a second machine and a KVM switch and isolate the windows machine from the internet....


12 posted on 01/14/2005 8:56:58 PM PST by Ernest_at_the_Beach (A Proud member of Free Republic ~~The New Face of the Fourth Estate since 1996.)
[ Post Reply | Private Reply | To 7 | View Replies]

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson