Free Republic
Browse · Search
News/Activism
Topics · Post Article

Skip to comments.

New Explorer hole could be devastating
Infoworld ^ | 01/28/04 | Kieren McCarthy

Posted on 01/28/2004 1:10:12 PM PST by Salo

New Explorer hole could be devastating Browser users could be fooled into downloading executable files

By Kieren McCarthy, Techworld.com January 28, 2004

A security hole in Microsoft Corp.’s Internet Explorer could prove devastating. Following the exposure of a vulnerability in Windows XP earlier this week, “http-equiv” of Malware has revealed that Explorer 6 users (and possibly users of earlier versions) could be fooled into downloading what look like safe files but are in fact whatever the author wishes them to be -- including executables.

A demonstration of the hole is currently on security company Secunia’s website and demonstrates that if you click on a link, and select “Open” it purports to be downloading a pdf file whereas in fact it is an HTML executable file.

It is therefore only a matter of imagination in getting people to freely download what could be an extremely dangerous worm -- like, for instance, the Doom worm currently reeking havoc across the globe.

However what is more worrying is that this hole could easily be combined with another Explorer spoofing problem discovered in December.

The previous spoofing problem allowed Explorer users to think they were visiting one site when in fact they were visiting somewhere entirely different. The implications are not only troublesome, but Microsoft’s failure to include a fix for the problem in its January patches has led many to believe it cannot be prevented.

If the same is true for this spoofing issue, then it will only be a matter of time before someone who thinks they are visiting one website and downloading one file will in fact be visiting somewhere entirely different and downloading whatever that site’s owner decides.

We also have reason to believe there is no fix. It may be that today’s flaw is identical to one found nearly three years ago by Georgi Guninski in which double-clicking a link in Explorer led you to believe you were downloading a text file but were in fact downloading a .hta file.

In both cases, the con is created by embedding a CLSID into a file name. CLSID is a long numerical string that relates to a particular COM (Component Object Model) object. COM objects are what Microsoft uses to build applications on the Internet. By doing so, any type of file can be made to look like a “trusted” file type i.e. text or pdf.

Guninski informed Microsoft in April 2001. The fact that the issue has been born afresh suggests rather heavily that the software giant has no way of preventing this from happening.

So how bad could it get? Just off the top of our heads -- suppose someone set up a fake Hutton Inquiry site today with a link to the report’s summaries -- how many people across the U.K. would download a worm this afternoon? And imagine the computers it would end up on.

The possibilities are endless, and since both spoof issues appear to be unfixable, it must surely place a big question mark over Explorer’s viability as a browser.

The advice is to avoid this latest hole is always save files to a folder and then look at them. On your hard drive, the file’s true nature is revealed. But this advice is nearly as practical as Microsoft telling users not to click on links to avoid being caught out by the previous spoof problem.

All in all, it does not look good. Not good at all.


TOPICS: Business/Economy; Extended News; Technical
KEYWORDS: ie; lowqualitycrap; microsoft; ms; security; windows
Navigation: use the links below to view more comments.
first previous 1-20 ... 161-180181-200201-220 ... 241-250 next last
To: Prime Choice
Funny, isn't it...Talk about a laugh-riot...

So you think this stuff is funny, huh.

A comparison of Marxist Communism and the Open Source Software movement

(written by a communist)

A comparison of Marxist Communism and the Open Source Software ...

181 posted on 01/30/2004 4:25:24 PM PST by Golden Eagle
[ Post Reply | Private Reply | To 180 | View Replies]

To: Prime Choice
Here's something I else I found looking on that link. Linus Torvald's secret motto seems to be "Total World Domination".

http://search.yahoo.com/search?p=torvalds+%22total+world+domination%22&ei=UTF-8&fr=fp-tab-web-t&cop=mss&tab=

That's it for me, taking off for the weekend. Hope everybody has a great one!

Gold Eagle Out.
182 posted on 01/30/2004 4:44:18 PM PST by Golden Eagle
[ Post Reply | Private Reply | To 179 | View Replies]

To: Golden Eagle
Here's something I else I found looking on that link. Linus Torvald's secret motto seems to be "Total World Domination".

Once again, proof that humor is lost on the dense.

Go peddle your tripe at SCO.

183 posted on 01/30/2004 4:46:38 PM PST by Prime Choice (I'm pro-choice. I just think the "choice" should be made *before* having sex.)
[ Post Reply | Private Reply | To 182 | View Replies]

To: Prime Choice
Like Linus Torvalds recommending to "hire a hit man and whack em" that time if they ever found stolen code in Linux? Like I said above, if that's humor to you, you guys sure have a sick sense of it.

Out.
184 posted on 01/30/2004 4:50:04 PM PST by Golden Eagle
[ Post Reply | Private Reply | To 183 | View Replies]

To: Golden Eagle
A comparison of Marxist Communism and the Open Source Software movement

You have no room to complain, Pinkboy. Your oh-so-hallowed Microsoft gave Red China the canonical "keys to the kingdom" by forking over its threat-to-national-security-if-seen-by-human-eyes source code.

Must be nice defending an outfit comprised of liars and traitors.

185 posted on 01/30/2004 4:51:25 PM PST by Prime Choice (I'm pro-choice. I just think the "choice" should be made *before* having sex.)
[ Post Reply | Private Reply | To 181 | View Replies]

To: Prime Choice
Must be nice defending an outfit comprised of liars and traitors.

At least I'm not one. Out.

186 posted on 01/30/2004 4:54:51 PM PST by Golden Eagle
[ Post Reply | Private Reply | To 185 | View Replies]

To: Salo
So how bad could it get? Just off the top of our heads -- suppose someone set up a fake Hutton Inquiry site today with a link to the report’s summaries -- how many people across the U.K. would download a worm this afternoon?

Six?

187 posted on 01/30/2004 4:57:20 PM PST by Sloth (Why bother with fighting foreign enemies if we surrender to the domestic ones?)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Golden Eagle
Must be nice defending an outfit comprised of liars and traitors.

At least I'm not one.

By supporting them, you are one of them.

188 posted on 01/30/2004 5:50:02 PM PST by Prime Choice (I'm pro-choice. I just think the "choice" should be made *before* having sex.)
[ Post Reply | Private Reply | To 186 | View Replies]

To: aruanan
You see, that's only because it's a popular widespread OS, not because there's anything inherently wrong with it.

Memo to self: must refrain from posting on OS War Threads... have been succesful for many months.... oh, what the hey...

To Aruanan:
ROTFL!

189 posted on 01/30/2004 8:00:10 PM PST by bwteim (Begin With The End In Mind)
[ Post Reply | Private Reply | To 19 | View Replies]

To: Golden Eagle
You are their errand boy.

Must be nice defending an outfit comprised of liars and traitors.

At least I'm not one. Out.

190 posted on 01/30/2004 8:01:09 PM PST by Salo (You have the right to free speech - as long as you are not dumb enough to actually try it.)
[ Post Reply | Private Reply | To 186 | View Replies]

To: Golden Eagle
Can you believe someone would actually recommend CDE?

Sure, there are plenty of people that buy American first. The fact you scoff at it is sickening.

You are so transparent it is funny to watch you twist. Here, you're seriously claiming that you'd actually recommend a window manager like CDE to someone when there are other products available and distributed by the same vendor (Sun in this case), that are vastly superior in order to satisfy your 'buy america' urge despite it being against what would be the best interests of your supposed 'clients'. Come to think of it, it sounds a lot like the rest of the garbage you are peddling with your microsoft song and dance. It's pitiful, really, that you would actually take money from people who are paying for your recommendation when you are doing nothing but pushing a political agenda under the guise of providing technical support assistance or advise.

This, more than anything else convinces me that you do not, in fact, have any clients of this kind other than friends that you are able to bullsh!t into believing that you have a clue at all of what you are talking about. Nope. I pegged you correctly after all. What nick do you go by while astroturfing DU?

191 posted on 01/30/2004 8:06:35 PM PST by zeugma (The Great Experiment is over.)
[ Post Reply | Private Reply | To 174 | View Replies]

To: Salo; Golden Eagle
Yup. He's "Out" alright. Must be shift change. Where's B2K?
192 posted on 01/30/2004 8:07:59 PM PST by zeugma (The Great Experiment is over.)
[ Post Reply | Private Reply | To 190 | View Replies]

To: Golden Eagle
"deserves"? That is clearly a post made in support of hackers over American businesses that do not conform to your way of reasoning.

I hear basically the same sentiment around here for people who don't do basic things to lock down their Windows systems. This just raises the bar from individual flaws to the whole OS.

193 posted on 01/31/2004 7:06:03 AM PST by antiRepublicrat
[ Post Reply | Private Reply | To 176 | View Replies]

To: adam_az
You must be reading the wrong advisory, dude.

malware.com's home page is feeding 403's (forbidden) errors.
194 posted on 01/31/2004 10:15:10 PM PST by Bush2000
[ Post Reply | Private Reply | To 152 | View Replies]

To: Vermonter; Destructor
Interesting stats. Only 4% are MacIntosh users? I thought we were a smarter bunch than that ;o)
195 posted on 01/31/2004 10:52:16 PM PST by cyn (www.terrisfight.org)
[ Post Reply | Private Reply | To 110 | View Replies]

To: adam_az
I tested the "exploit", using the samples provided on malware's webpage. Bzzzzzzzzzzt! Doesn't work. No files are delivered to C:\Windows\Temp. Nada. Zilch. Crapola.
196 posted on 02/01/2004 12:38:22 AM PST by Bush2000
[ Post Reply | Private Reply | To 152 | View Replies]

To: Salo

We interrupt this blatant sidetracking about linux and communism to remind our audience that the "devastating" hole in Internet Explorer still exists, even if Microsoft's public relations contractors would prefer that you talk about something else.

If you are a user of Internet Explorer, you should probably do something about that, like get Firebird or Mozilla or Opera.

Remember, the sooner you give in to godless communism and cut the pins out from under Microsoft, the sooner they'll have to stop sending people into Internet forums to sidetrack the threads that they don't like.


197 posted on 02/01/2004 1:08:49 AM PST by Nick Danger ( With sufficient thrust, pigs fly just fine.)
[ Post Reply | Private Reply | To 190 | View Replies]

To: Nick Danger
I would be a lot mor impressed if the alleged test actually did what is alleged. What we have here is a bit of code that inserts a null character in the URL string"

<a href="http://www.microsoft.com%00@secunia.com/internet_explorer_address_bar_spoofing_test/" style="font: 8pt verdana, sans-serif;"> Click Here to Perform Test! </a>

Show me an example of this actually doing anything.

198 posted on 02/01/2004 1:24:00 AM PST by js1138
[ Post Reply | Private Reply | To 197 | View Replies]

To: Nick Danger
I am somewhat at a loss as to why this is considered such an unfixable problem. One line of code that terminated the URL string at the first null character would do the trick.

Besides, if you click on a link that downloads a file, you will be asked what to do with the file. That would be a clue that something is wrong.
199 posted on 02/01/2004 1:43:59 AM PST by js1138
[ Post Reply | Private Reply | To 197 | View Replies]

To: Bush2000
Erg, let's try this again. The ActiveX control does not know the absolute path to "C:\Documents and Settings\[USER]\Local Settings\Temp" because it lacks knowledge of who the "[USER]" is.

Are you sure about this? Can ActiveX access environment variables? If so, then it will know %USERPROFILE% or %USERNAME%, and be able to access the file.

Mark

200 posted on 02/01/2004 1:50:56 AM PST by MarkL
[ Post Reply | Private Reply | To 18 | View Replies]


Navigation: use the links below to view more comments.
first previous 1-20 ... 161-180181-200201-220 ... 241-250 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
News/Activism
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson