Bugtraq mailing list archives

Re: TXT or HTML? -- IE NEW BUG


From: "Fred Oliveira" <kript0n () europeonline com>
Date: Sat, 28 Jul 2001 11:42:22 +0100

TXT or HTML? -- IE NEW BUG
vulnerable programs:
IE4, IE5, IE5, IE6, Microsoft Word, Microsoft Excel, Microsoft PowerPoint,
Tencent explorer (I've tested all the versions of IE that I can find, they
are all vulnerable)

description:
IE doesn't recognize the extensions of files, which may contain some html
code.

I'm afraid this is somewhat incorrect. Windows shell programs do recognize
the file extensions. The problem is that when a user opens a file with a
html aware application, the html parser always tries to read tags in the
file. This happens in html reading/writing programs (notice that all the
programs you pointed out as being vulnerable do this), and not on others.

It is my belief that Microsoft is aware of this. After all, they know they
have html parsers on their programs, because that's one of the functions of
those (go imagine IE not parsing html targets on files it reads stand-alone.
It wouldn't be a browser at all). Thus, this is no bug at all. Probably the
code parsing shouldn't be done in files other than .html, .htm, but if it is
not to be considered as a bug.

1) Download some antivirus software, and update the virus database all the
time. And change the name of some 'dangerous' programs in your system, such
as format.exe, deltree.exe etc., i.e. change format.exe to format_0.com etc.
2) Try not to visit those so-called 'hacker' or 'cracking' sites. Most of the
time, you are the victim while you want to learn to attack others.
3) If you have to go visit some site that you are not quite sure is safe,
then check it here first: http://crazybird.51.net/look.htm
   Or you can also save the source code of this page to your computer, then
save it as *.htm, so you can execute it on your own comp. Be aware if it
says "the web page contains some unsafe ActiveX" or something like that,
   then you'd better not execute that ActiveX widget. And I can't promise
that it can give you this kind of warning for any aggressive files.
4) DO NOT open your attachment in IE!!!!! Don't ever open any type of file in
IE directly!!! BE AWARE!! You'd better use antivirus to scan it before you
open it after you've downloaded it to your computer.
5) Update the system patch immediately if the patch comes out.

I consider these not solutions to what you point out as a problem, but
general tips to avoid security problems. Antiviral software won't prevent
html parsers from doing their job. Also, changing the name of system utilities
won't do anything at all. About your 4th solution. I don't believe antiviral
software detects any kind of html or activex as being potentially harmful.

And finally, I don't believe any patch will come out to prevent html
parsing.


Fred Oliveira
Box Network (www.boxnetwork.net)
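
The behaviour discussed in this thread, an HTML-aware program parsing tags in a file whatever its extension says, can be checked for before a file is opened. The following is an added example, not part of the original post or of any product named in it: a heuristic scan for active HTML tags in files with non-HTML extensions. The extension list, tag list, window size and sample files are assumptions constructed for illustration.

```python
import re
from pathlib import PurePath

# Extensions a user expects to be inert (assumed list for this example).
NON_HTML_EXTENSIONS = {".txt", ".log", ".csv", ".doc", ".xls", ".ppt"}

# Tags that cause an HTML parser to do more than show text (illustrative list).
ACTIVE_TAG = re.compile(
    rb"<\s*(html|body|script|object|iframe|embed|applet|frameset|meta)\b", re.I
)

SNIFF_WINDOW = 4096  # leading bytes inspected; an assumption, not any parser's real limit


def normalise(data: bytes) -> bytes:
    """UTF-16 text hides tags from a byte regex, so re-encode it when a BOM is present."""
    if data[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return data.decode("utf-16", errors="replace").encode("utf-8")
    return data


def html_in_non_html_file(filename: str, data: bytes) -> list:
    """Return the active tag names found in a file whose extension claims non-HTML content."""
    if PurePath(filename).suffix.lower() not in NON_HTML_EXTENSIONS:
        return []  # .html/.htm and unknown types are out of scope for this check
    window = normalise(data[:SNIFF_WINDOW])
    return sorted({m.group(1).decode().lower() for m in ACTIVE_TAG.finditer(window)})


# Constructed sample files (name -> content); none come from the original post.
SAMPLES = {
    "readme.txt": b"<html><body><script>/* constructed */</script></body></html>",
    "notes.txt": b"Meeting at 10 < 11, bring the a > b chart\n",
    "report.txt": "\ufeff<ObJeCt></ObJeCt>".encode("utf-16-le"),
    "page.html": b"<html><body>ordinary page</body></html>",
}


def scan_samples() -> dict:
    """Map each sample name to the tags that flag it (empty list means not flagged)."""
    return {name: html_in_non_html_file(name, data) for name, data in SAMPLES.items()}


if __name__ == "__main__":
    for name, tags in scan_samples().items():
        print(f"{name}: {'FLAG ' + ','.join(tags) if tags else 'ok'}")
```

A flagged file is a candidate for quarantine or for opening in a plain-text viewer rather than in an HTML-aware application.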

