Vulnerability Note VU#980499

Certain MIME types can cause Internet Explorer to execute arbitrary code when rendering HTML

Overview

A vulnerability exists in Microsoft Internet Explorer that allows a malicious agent to execute arbitrary code when Internet Explorer parses MIME parts in a document. Any user or program that uses vulnerable versions of Internet Explorer to render HTML in a document (for example, when browsing a filesystem, reading email or news messages, or visiting a web page) should immediately upgrade to a non-vulnerable version of Internet Explorer.

I. Description

Internet Explorer contains a table that determines how MIME types encountered in any HTML document (email messages, newsgroup postings, web pages, or local files) are handled. This table contains a set of entries that cause Internet Explorer to handle certain MIME parts incorrectly, introducing a security vulnerability. Specifically, these incorrect entries lead IE to open specific MIME parts without giving the end user the opportunity to decide whether they should be opened. This vulnerability allows an intruder to construct malicious content that, when viewed in Internet Explorer (or any program that uses the IE HTML rendering engine), can execute arbitrary code. It is not necessary to run an attachment; simply viewing the document in a vulnerable program is sufficient.
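A mail or content gateway can flag the condition described above, a MIME part whose declared type does not match what its filename says it is, before the message reaches a vulnerable renderer. The following is an added example, not code from CERT or Microsoft; the page does not list the affected MIME types, so the extension list, the set of "passive" media types and the function name `suspicious_parts` are assumptions, and the sample message is constructed.

```python
import email
import os
from email import policy

# Assumption: extensions treated as executable on Windows; extend as needed.
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs"}
# Assumption: top-level media types a renderer may open without prompting.
PASSIVE_MAIN_TYPES = {"audio", "video", "image", "text"}

def suspicious_parts(raw_bytes):
    """Return (content_type, filename, mismatch) for every leaf part with an
    executable filename; mismatch is True when the declared type is passive."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no content of their own
        # get_filename() checks Content-Disposition, then Content-Type "name"
        filename = part.get_filename() or ""
        if os.path.splitext(filename)[1].lower() not in EXECUTABLE_EXTS:
            continue
        mismatch = part.get_content_maintype() in PASSIVE_MAIN_TYPES
        findings.append((part.get_content_type(), filename, mismatch))
    return findings

# Constructed sample message (placeholder bodies, not taken from any real mail).
SAMPLE = (
    b"From: a@example.test\r\nTo: b@example.test\r\n"
    b"Subject: constructed sample\r\nMIME-Version: 1.0\r\n"
    b'Content-Type: multipart/related; boundary="b1"\r\n\r\n'
    b"--b1\r\n"
    b"Content-Type: text/html\r\n\r\n"
    b"<html><body>hello</body></html>\r\n"
    b"--b1\r\n"
    b'Content-Type: image/gif; name="photo.exe"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\n"
    b"AAAA\r\n"
    b"--b1\r\n"
    b"Content-Type: application/octet-stream\r\n"
    b'Content-Disposition: attachment; filename="setup.exe"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\n"
    b"AAAA\r\n"
    b"--b1--\r\n"
)

if __name__ == "__main__":
    for content_type, filename, mismatch in suspicious_parts(SAMPLE):
        print(content_type, filename, "MISMATCH" if mismatch else "executable")
```

Parts reported with `mismatch` set are the ones to quarantine or strip first, since the declared type alone would not lead a recipient or a filter to treat them as executable.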

The systems affected by this vulnerability include:

  • All Windows versions of Microsoft Internet Explorer 5.5 SP1 or earlier, except IE 5.01 SP2, running on x86 platforms
  • Any software which utilizes vulnerable versions of Internet Explorer to render HTML

IE 6 is not affected by this issue.

For more details, see Microsoft Security Bulletin MS01-020 (or Microsoft Knowledgebase article Q290108) on this topic at:

Note: The above patch has been superseded by the IE 5.5 patches discussed in MS01-027. On May 15, 2002, Microsoft released a cumulative set of patches for Internet Explorer as discussed in MS02-023.

There have been reports that simply previewing HTML content (as in a mail client or filesystem browser) is sufficient to trigger the vulnerability.

This vulnerability is now being actively exploited. More information about the activity and remediation can be found in CERT Advisory CA-2001-26: Nimda Worm. This vulnerability has been exploited further, as discussed in CERT Incident Note IN-2002-05.

II. Impact

Attackers can cause arbitrary code to be executed on a victim's system by embedding the code in a malicious email, news message, or web page.

III. Solution

Upgrade to IE 6, or apply the patch from Microsoft, available at:

Note: The above patch has been superseded by the IE 5.5 patches discussed in MS01-027. A cumulative patch for this and other vulnerabilities is discussed in MS02-023.

It has been reported that upgrading to the latest version of Windows Media Player is an additional means of protecting yourself from this problem. Although this appears to protect you from a specific way to exploit this vulnerability, we do not believe it is a general-purpose fix. Disabling File Downloading in all of your Security Zones will also mitigate the risks posed by the vulnerability.

Systems Affected

| Vendor | Status | Date Updated |
|---|---|---|
| Cyrusoft | Not Vulnerable | 30-Mar-2001 |
| Lotus Software | Vulnerable | 5-Apr-2001 |
| Microsoft Corporation | Vulnerable | 17-Jul-2002 |
| Netscape Communications Corporation | Not Vulnerable | 12-Apr-2001 |
| Opera Software | Not Vulnerable | 2-Apr-2001 |
| QUALCOMM | Unknown | 30-Mar-2001 |

References

http://www.cert.org/advisories/CA-2001-06.html
http://www.cert.org/advisories/CA-2001-26.html
http://www.microsoft.com/technet/security/bulletin/MS01-020.asp
http://www.microsoft.com/technet/security/bulletin/MS01-027.asp
http://support.microsoft.com/support/kb/articles/Q299/6/18.ASP
http://support.microsoft.com/support/kb/articles/Q290/1/08.ASP
http://www.kriptopolis.com/
http://www.faqs.org/rfcs/rfc2387.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0154
http://www.securityfocus.com/bid/2524
http://www.securitytracker.com/alerts/2001/Mar/1001197.html
http://msdn.microsoft.com/workshop/networking/moniker/overview/appendix_a.asp
http://www.ietf.org/rfc/rfc2045.txt

Credit

Microsoft has acknowledged Juan Carlos Cuartango as bringing this issue to their attention.

This document was written by Jeffrey S. Havrilla and Shawn V. Hernan.

Other Information

Date Public: 03/29/2001
Date First Published: 03/30/2001 08:55:06 PM
Date Last Updated: 03/05/2004
CERT Advisory: CA-2001-06
CVE Name: CVE-2001-0154
US-CERT Technical Alerts:
Metric: 60.75
Document Revision: 40

If you have feedback, comments, or additional information about this vulnerability, please send us email.
 

 
Copyright 2001 Carnegie Mellon University