Skip to comments.
New Explorer hole could be devastating
Infoworld ^
| 01/28/04
| Kieren McCarthy
Posted on 01/28/2004 1:10:12 PM PST by Salo
New Explorer hole could be devastating Browser users could be fooled into downloading executable files
By Kieren McCarthy, Techworld.com January 28, 2004
A security hole in Microsoft Corp.s Internet Explorer could prove devastating. Following the exposure of a vulnerability in Windows XP earlier this week, http-equiv of Malware has revealed that Explorer 6 users (and possibly users of earlier versions) could be fooled into downloading what look like safe files but are in fact whatever the author wishes them to be -- including executables.
A demonstration of the hole is currently on security company Secunias website and demonstrates that if you click on a link, and select Open it purports to be downloading a pdf file whereas in fact it is an HTML executable file.
It is therefore only a matter of imagination in getting people to freely download what could be an extremely dangerous worm -- like, for instance, the Doom worm currently reeking havoc across the globe.
However what is more worrying is that this hole could easily be combined with another Explorer spoofing problem discovered in December.
The previous spoofing problem allowed Explorer users to think they were visiting one site when in fact they were visiting somewhere entirely different. The implications are not only troublesome, but Microsofts failure to include a fix for the problem in its January patches has led many to believe it cannot be prevented.
If the same is true for this spoofing issue, then it will only be a matter of time before someone who thinks they are visiting one website and downloading one file will in fact be visiting somewhere entirely different and downloading whatever that sites owner decides.
We also have reason to believe there is no fix. It may be that todays flaw is identical to one found nearly three years ago by Georgi Guninski in which double-clicking a link in Explorer led you to believe you were downloading a text file but were in fact downloading a .hta file.
In both cases, the con is created by embedding a CLSID into a file name. CLSID is a long numerical string that relates to a particular COM (Component Object Model) object. COM objects are what Microsoft uses to build applications on the Internet. By doing so, any type of file can be made to look like a trusted file type i.e. text or pdf.
Guninski informed Microsoft in April 2001. The fact that the issue has been born afresh suggests rather heavily that the software giant has no way of preventing this from happening.
So how bad could it get? Just off the top of our heads -- suppose someone set up a fake Hutton Inquiry site today with a link to the reports summaries -- how many people across the U.K. would download a worm this afternoon? And imagine the computers it would end up on.
The possibilities are endless, and since both spoof issues appear to be unfixable, it must surely place a big question mark over Explorers viability as a browser.
The advice is to avoid this latest hole is always save files to a folder and then look at them. On your hard drive, the files true nature is revealed. But this advice is nearly as practical as Microsoft telling users not to click on links to avoid being caught out by the previous spoof problem.
All in all, it does not look good. Not good at all.
TOPICS: Business/Economy; Extended News; Technical
KEYWORDS: ie; lowqualitycrap; microsoft; ms; security; windows
Navigation: use the links below to view more comments.
first 1-20, 21-40, 41-60, 61-80 ... 241-250 next last
Beware.
1
posted on
01/28/2004 1:10:12 PM PST
by
Salo
To: rdb3; Ernest_at_the_Beach; Bush2000; ShadowAce
Ping.
2
posted on
01/28/2004 1:11:00 PM PST
by
Salo
(You have the right to free speech - as long as you are not dumb enough to actually try it.)
To: Salo
Where do you want to be taken today?
3
posted on
01/28/2004 1:12:57 PM PST
by
Redcloak
(Cat: The other white meat.)
To: Salo
'Nuff said.
4
posted on
01/28/2004 1:13:32 PM PST
by
mhking
To: Jonathon Spectre
Ouch!
To: Salo
Bill Gates sure deserves to be knighted, doesn't he? Thank you soooo much. /sarcasm
To: FoxInSocks
If by "knighted" you mean "beaten to a bloody stump with a clue bat," yes. :-)
7
posted on
01/28/2004 1:16:00 PM PST
by
Salo
(You have the right to free speech - as long as you are not dumb enough to actually try it.)
To: Salo
if you click on a link, and select Open it purports to be downloading a pdf file whereas in fact it is an HTML executable file. Oh well we're all doomed.
8
posted on
01/28/2004 1:16:13 PM PST
by
Alouette
(I chose to NOT have an abortion -- 9 times.)
To: Salo
Thanks, I think!
9
posted on
01/28/2004 1:17:18 PM PST
by
Ernest_at_the_Beach
(The terrorists and their supporters declared war on the United States - and war is what they got!!!!)
To: Salo
I just don't understand why people still use a clunky old browser like IE unless they are forced to.
10
posted on
01/28/2004 1:26:20 PM PST
by
zeugma
(The Great Experiment is over.)
To: Dark Wing
ping
11
posted on
01/28/2004 1:28:48 PM PST
by
Thud
To: Salo
Beware indeed. BTW, for those interested, MYDOOM.B, today's guest variant, is now on the loose.
12
posted on
01/28/2004 1:29:21 PM PST
by
Ol' Sox
To: mhking
13
posted on
01/28/2004 1:33:35 PM PST
by
an amused spectator
(articulating AAS' thoughts on FR since 1997)
To: Salo
Well, this is clearly more of the "dark side of Linux."</sarcasm>
14
posted on
01/28/2004 1:35:08 PM PST
by
B Knotts
(Go 'Nucks!)
To: B Knotts; Golden Eagle
We'll have to ping Golden Eagle to find out how this is every linux user's fault.
15
posted on
01/28/2004 1:40:14 PM PST
by
Salo
(You have the right to free speech - as long as you are not dumb enough to actually try it.)
To: Salo
A security hole in Microsoft Corp.s Internet Explorer could prove devastating. AGAIN?
lotta sheep in the world...
16
posted on
01/28/2004 1:44:52 PM PST
by
TLI
(...........ITINERIS IMPENDEO VALHALLA..........)
To: Salo
The possibilities are endless, and since both spoof issues appear to be unfixable, it must surely place a big question mark over Explorers viability as a browser.
Oh, puh-lease. This so-called "exploit" is hardly "devastating" or "unfixable". It doesn't work on Windows XP at all. Why not? Because Windows XP locates temporary files in "C:\Documents and Settings\\Local Settings\Temp". A crafted HTML file with an tag cannot know what "" is; therefore, the executable cannot run and the attack will fail.
17
posted on
01/28/2004 1:49:42 PM PST
by
Bush2000
To: Salo
Erg, let's try this again. The ActiveX control does not know the absolute path to "C:\Documents and Settings\[USER]\Local Settings\Temp" because it lacks knowledge of who the "[USER]" is.
18
posted on
01/28/2004 1:51:46 PM PST
by
Bush2000
To: Salo
You see, that's only because it's a popular widespread OS, not because there's anything inherently wrong with it.
19
posted on
01/28/2004 1:53:19 PM PST
by
aruanan
To: Bush2000
That's interesting. Does it run as a different user?
20
posted on
01/28/2004 1:53:34 PM PST
by
B Knotts
(Go 'Nucks!)
Navigation: use the links below to view more comments.
first 1-20, 21-40, 41-60, 61-80 ... 241-250 next last
Disclaimer:
Opinions posted on Free Republic are those of the individual
posters and do not necessarily represent the opinion of Free Republic or its
management. All materials posted herein are protected by copyright law and the
exemption for fair use of copyrighted works.
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson