Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Microsoft Baseline Security Analyzer exploit (Exposed vulnerabilities' list)

From: "Menashe Eliezer" <menashe () finjan com>
Date: Thu, 25 Apr 2002 19:18:20 +0200
The vulnerabilities' list is accessible even by unprivileged user account.
The ability of active content to access this report depends on
security setting of the browser.
For example, signed ActiveX that runs in browser with low security
setting, doesn't need user's approval. User can also choose not be asked
whether to launch ActiveX that is signed by a specific signer. In such case,
there's no need for low security setting of the browser.
The ActiveX doesn't have to be safe for scripting. The ActiveX can do
anything
without being scripted at all.
You can access this report even without active content.
All you need is a limited exploit that just allows you to read a file.

Deus Attonbitus wrote:
DA>but the script would also have to be able to discern the currently logged
DA>on user in order to see where to look in the "Documents and Settings"
tree.
1. Discern the currently logged on user - It's a simple Win32 API.
2. Code can simply look for "Security Scans" folder in tree.


Regards,
Menashe.

-----Original Message-----
From: 3APA3A [mailto:3APA3A () SECURITY NNOV RU]
Sent: Thursday, April 25, 2002 10:52 AM
To: Menashe Eliezer
Cc: Bugtraq; vuln-dev
Subject: Re: Microsoft Baseline Security Analyzer exploit (Exposed
vulnerabilities' list)


Dear Menashe Eliezer,

Sorry  for  asking,  but  it's  unclear from advisory: is it possible to
access reports with either:

1. ActiveX element marked safe for scripting
2. Javascript or VBscript from "Internet" security zone

Examples  you give for scripting will only run in local host content, so
this  problem  seems to be local only (default permissions for sensitive
files)  with  minimal  impact,  because  analysis  of  security  policy,
registry  and  file  permissions can (mostly) be done by local user with
unprivileged account. In this case risk is low.

--Thursday, April 25, 2002, 5:06:32 AM, you wrote to
bugtraq () securityfocus com:

ME> Microsoft Baseline Security Analyzer exploit (Exposed vulnerabilities'
list)
ME> Finjan Software Security Advisory
ME> URL: http://www.finjan.com/mcrc/alert_show.cfm?attack_release_id=71
ME> April 24, 2002
ME> Risk: Medium
ME> -------------



--
~/ZARAZA
×åëîâåê ýòî òàéíà... ÿ çàíèìàþñü ýòîé òàéíîé ÷òîáû áûòü ÷åëîâåêîì.
(Äîñòîåâñêèé)
Previous By Date Next
Previous By Thread Next

Current thread: