Bugtraq mailing list archives

[SNS Advisory No.48] Microsoft Internet Explorer Still Download And Execute ANY Program Automatically


From: "snsadv () lac co jp" <snsadv () lac co jp>
Date: Thu, 16 May 2002 15:20:37 +0900

----------------------------------------------------------------------
SNS Advisory No.48
Microsoft Internet Explorer Still Download And Execute ANY Program Automatically

Problem first discovered: Wed, 13 Feb 2002
Published: Mon, 18 Mar 2002
Revised: Thu, 16 May 2002
----------------------------------------------------------------------

Overview:
---------
  Microsoft Internet Explorer contains a vulnerability that allows a 
  file to be downloaded and automatically executed under several 
  circumstances without the user's knowledge.  If a malicious 
  webmaster creates a website with content that exploits this problem, 
  and a user views that content with Internet Explorer in one of the 
  affected environments, then arbitrary programs specified by that 
  webmaster will be automatically downloaded and executed on the 
  user's system.

Problem Description:
--------------------
  A vulnerability exists in Microsoft Internet Explorer which could 
  lead to automatic downloading and execution of a file in several 
  environments.  It is triggered when a user views content whose HTTP 
  response includes the following headers:

  Content-Type: audio/x-ms-wma
  Content-disposition: inline; filename="foo.exe"
  
  It is important to note that the headers above are just one example; 
  this vulnerability has been confirmed exploitable using other 
  Content-Type: headers, such as Content-Type: audio/midi. 
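
  The following defensive check is an added example, not part of the 
  original advisory: it flags HTTP responses that pair a passive media 
  Content-Type with an executable filename in Content-Disposition, the 
  mismatch described above.  The extension list, the media-type 
  prefixes, the function names and every sample header block other than 
  the advisory's own pair are assumptions constructed for illustration.

```python
import os
from email.message import Message

# Assumption: extensions treated as directly executable on Windows.
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd"}
# Assumption: media families that should never be served with such a filename.
PASSIVE_TYPES = ("audio/", "video/", "image/")

# Constructed sample header blocks; only the first pair is from the advisory.
SAMPLES = {
    "advisory": 'Content-Type: audio/x-ms-wma\n'
                'Content-disposition: inline; filename="foo.exe"',
    "midi": 'Content-Type: audio/midi\n'
            'Content-Disposition: inline; filename="song.EXE"',
    "benign": 'Content-Type: audio/x-ms-wma\n'
              'Content-Disposition: inline; filename="song.wma"',
    "download": 'Content-Type: application/octet-stream\n'
                'Content-Disposition: attachment; filename="setup.exe"',
}


def parse_headers(raw):
    """Parse a raw HTTP header block (no status line) into a Message."""
    msg = Message()
    for line in raw.strip().splitlines():
        name, _, value = line.partition(":")
        if value.strip():
            msg[name.strip()] = value.strip()
    return msg


def mismatch(raw):
    """Return (content_type, filename) when a passive media type is paired
    with an executable filename in Content-Disposition, else None."""
    msg = parse_headers(raw)
    ctype = msg.get_content_type()   # lower-cased, parameters stripped
    filename = msg.get_filename()    # unquotes the filename parameter
    if not filename or not ctype.startswith(PASSIVE_TYPES):
        return None
    # Windows ignores trailing dots and spaces, so strip them before checking.
    ext = os.path.splitext(filename.rstrip(". "))[1].lower()
    return (ctype, filename) if ext in EXECUTABLE_EXTS else None


if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, "->", mismatch(raw))
```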

  This vulnerability affects the following environments.  (Our previous 
  advisory stated that only IE 6 was affected by this vulnerability; 
  however, further investigation has confirmed that IE 5.01 SP2 is 
  also vulnerable to this issue.)

  (1) Windows NT 4.0 Workstation + SP6a
      + IE 6 + all available fixes [Japanese version]
 
  (2) Windows NT 4.0 Workstation + SP6a + Windows Media Player 6.4  
      + IE 6 + all available fixes [Japanese version]
   
  (3) Windows 2000 Professional + SP2 + SRP1 + Windows Media Player 6.4
      + IE 6 + all available fixes [Japanese version]

  (4) Windows 2000 Professional + SP2 + SRP1 + Windows Media Player 6.4
      + IE 5.01 SP2 + all available fixes [Japanese version]

  (5) Windows 98 + Windows 98 System Update + Windows Media Player 6.4
      + IE 6 + all available fixes [Japanese version]

  (6) Windows 2000 Professional + SP2 + SRP1 + Windows Media Player 7.1
      + IE 6 + Office 2000 SR-1 + all available fixes [Japanese version]

  Note: Windows Media Player 6.4 is installed by default on Windows 2000 
  and Windows 98.

Solution:
---------
  This problem can be eliminated by applying a patch based on the 
  information provided by Microsoft Security Bulletin MS02-023.

  Microsoft Security Bulletin 02-023:
  http://www.microsoft.com/technet/treeview/default.asp?url=/technet/security/bulletin/MS02-023.asp

Discovered by:
--------------
  Yuu Arai (LAC)  y.arai () lac co jp

Acknowledgements:
----------------- 
  Thanks to:
 
  Microsoft Security Response Center
  Japan PSS Security Response Team of Microsoft Asia Limited

Disclaimer:
-----------
All information in these advisories is subject to change without advance 
notice or mutual consensus, and each advisory is released as is. LAC 
Co., Ltd. is not responsible for any risks arising from the application of 
this information. 

------------------------------------------------------------------
SecureNet Service(SNS) Security Advisory <snsadv () lac co jp>
Computer Security Laboratory, LAC  http://www.lac.co.jp/security/

