Vulnerability Development mailing list archives

IE6.0 could inherit Iframe weakness from IE 5.x if not patched properly


From: "KRUSE PETER, Teliadk" <PKR () Telia DK>
Date: Fri, 7 Dec 2001 13:18:42 +0100

Hi,

Internet Explorer 6.0 could inherit weakness from IE 5.x if not patched
properly

Both Nimda and Badtrans-B, as well as others, exploit the Iframe weakness as
described in MS01-20.

This is a minor issue but appears when you're updating an unpatched version
of IE to version 6.0. The problem is not really the patch, but the way you
update from a vulnerable IE to the latest IE6.0.

If you choose to update a vulnerable version of IE5.1 or IE5.5 SP1, with the
latest version of IE6.0 using the minimal installation option, then the
weakness described in MS01-20 will affect IE6.0 as well. This is very likely
because the affected files (described in MS01-20) are not being properly
updated/overwritten with the minimal installation option in IE6.0. This
would also explain why some administrators have reported that their Internet
Explorer 6.0 is vulnerable to the Iframe exploit used by Nimda and
Badtrans-B.

Some private users and SOHOs might consider the minimal installation. The
default IE6.0 is rather large for a dial-up user or a small office with
small bandwidth.

This minor issue has been confirmed by Microsoft. Microsoft fairly points
out that this is NOT the default installation for IE 6.0. This has been
noted, and as stated earlier, this is a minor issue.
  
Med venlig hilsen / Kind regards

Peter Kruse
Security & Virusresearch
Telia Telecom A/S
Søren Frichsvej 34C - DK 8230 Åbyhøj
Email: pkr () telia dk - Mobil: +45 2827 9785

