Main Menu
Network
Sponsor
Top 10 Sites
Partners
|
|
Top Submit newsSubscribe 
Communication | Computer Crime | Digital Audio, Video, Photo | General News | Hardware | Internet | Mobile | PDA | Security | Software | Vulnerability |
Previous articleBack to news listNext article
| Sponsored links | Want to become one of our authors and see your work published on ALLSeek.iNFO ?
| | Microsoft IE AnchorClick Behavior and HTML Help Let Remote Users Execute Arbitrary Code |
|---|
Categorie: Vulnerability
Posted: 2004-10-22 by ReCall
Views: 499
Source: Click here
| Current Rating: Not rated
|
| | Details |
|---|
Description: A vulnerability was reported in Microsoft Internet Explorer (IE) in the 'AnchorClick' behavior. A remote user can create HTML that, when loaded by the target user, will execute arbitrary code in the Local Computer zone.
http-equiv reported that a remote user can create HTML containing an AnchorClick behavior to silently open a known directory on the target system (using the Shell.Explorer ActiveX object) and also containing a specially crafted image that, when dragged by the target user to the previously mentioned window, will cause the image file to be written to the target user's computer in a known location.
It is reported that only certain document types can be used in this type of drag and drop exploit, including '.xml', '.doc', '.py', '.cdf', '.css', '.pdf', '.ppt' and others. So, the specially crafted image file must emulate one of these formats, as IE will attempt to determine the content type if the extension is missing.
Then, the HTML can invoke HTML Help (hh.exe) with an invalid window to cause HTML Help to load the image file (which actually contains HTML scripting code). The HTML scripting code can then retrieve an arbitrary text file from a remote location and write it to an '.hta' file on the local computer. Then, the contents of the '.hta' file can be executed.
A demonstration exploit is available at:
http://www.malware.com/noceegar.html
Impact: A remote user can execute arbitrary code in the Local Computer zone on the target user's system.
Solution: No solution was available at the time of this entry.
PivX reports that you can set the Kill Bit on the Shell.Explorer ActiveX object to prevent IE from referencing local directories in a window object. PivX Labs has released a registry fix to set the Kill Bit on Shell.Explorer, available at:
http://www.pivx.com/research/freefixes/neutershellexplorer.reg
| | Syndication |
|---|
Permalink Email this
The URI to TrackBack this entry is:
http://allseek.info/news/trackback.php?id=1037
| | User comments (post your comments ) |
|---|
Only registerd members can post comments and articles
|
| Previous articleBack to news listNext article
|
|
|
|
InterJOB.su
|
