[ISN] 30 unpatched holes in IE, says security researcher


By Sam Varghese
September 11, 2003

Microsoft may be releasing details of vulnerabilities every week but
it is yet to tackle the 30 unpatched holes in Internet Explorer which
have been documented by well-known security researcher Thor Larholm.

Larholm, a former black hat and now a senior security researcher with
PivX Solutions, said today that seven more vulnerabilities had been
added to the list he maintains, all of them having been discovered by
Chinese researcher Liu Die Yu.

"One of these new vulnerabilities exploits a new attack vector that
has surfaced in IE lately, namely misdirecting user input," Larholm
said. "This allows you to redirect a user's mouseclick to (for
example) the OK button on a dialog asking for security confirmation by
moving the browser window prior to the mouse being released.

"This resurrects the debate on whether to disable some core
functionality to heighten security, and areas such as programmatically
moving the user's browser around is likely to be the first considered
seeing as it historically impairs, rather than heightens, the user

"The six other vulnerabilities are classic cross-domain scripting
vulnerabilities that allow you to steal cookies and sensitive data
from arbitrary websites, such as your online email or banking. When
you couple these vulnerabilities with any of the known ways to load
files from local security zones, you are able to read local files,
plant files and execute arbitrary commands."

Larholm said Liu Die Yu had published similar vulnerabilities in the
past. "About half a dozen more vulnerabilities, quite similar, were
published as well by Liu Die Yu, but all of those have either been
patched long ago or explicitly patched by the latest cumulative IE
patch, MS03-032.

"Similarly, several of the vulnerabilities that remain unpatched are
known to be under active investigation by the Microsoft Security
Response Center, and I am confident that a secure patch is being
prepared for prompt release."

ISN is currently hosted by Attrition.org
