Great Circle Associates Firewalls
(August 1996)
 


Subject: RE: MS Explorer 3.0 'Serious security flaw'?
From: emdy @ aditimx . vsnl . net . in (Ramaswamy M.D.)
Date: Sat, 24 Aug 1996 07:44:08 +-5-30
To: Bill Stout <bill . stout @ hidata . com>, "'Ashwin Kumar'" <kumar @ ibu . sj . nec . com>
Cc: "Firewalls @ GreatCircle . COM" <Firewalls @ GreatCircle . COM>

Apparently MS has a patch on their website that fixes the problem.


----------
From:  Ashwin Kumar[SMTP:kumar @ ibu . sj . nec . com]
Sent:  Friday, August 23, 1996 7:44 PM
To:  Bill Stout
Cc:  Firewalls @ GreatCircle . COM
Subject:  Re: MS Explorer 3.0 'Serious security flaw'?

On Fri, 23 Aug 1996, Bill Stout wrote:

:Date: Fri, 23 Aug 1996 13:06:09 -0700
:From: Bill Stout <bill . stout @ hidata . com>
:To: Firewalls @ GreatCircle . COM
:Subject: MS Explorer 3.0 'Serious security flaw'?
:
:Anyone know what the 'serious security flaw' is in MS Explorer 3.0?
:
:
:Bill Stout
:_______________________________________________________________________________
:Senior Systems Admin   NT/UNIX/I-net/Routers/Mainframes/Janitor ;)
:Hitachi Data Systems   408-970-4822   ---  Disclaimer:  I speak only for myself
:___________"Infowar, Cyber-war, yes, 'they' _are_ out to get you..."___________
:


READ ON ... 

forwarded message ----------------->


From: InterAccess Support Manager <dean @ noc . interaccess . com>
Subject: IE 3.0?

Is there any weight in this slight security breach?

http://www.cs.princeton.edu/sip/news/Aug96-2.html

<snip>

August 1996 Internet Explorer Security Flaw: Brief Description

We have discovered a security flaw in version 3.0 of Microsoft's Internet
Explorer browser running under Windows 95. An attacker could exploit
the flaw to run any DOS command on the machine of an Explorer user who
visits the attacker's page. For example, the attacker could read,
modify, or delete the victim's files, or insert a virus or backdoor
entrance into the victim's machine. We have verified our discovery by
creating a Web page that deletes a file on the machine of any Explorer
user who visits the page.

The core of the attack is a technique for delivering a document to the
victim's browser while bypassing the security checks that would normally
be applied to the document. If the document is, for example, a Microsoft
Word template, it could contain a macro that executes any DOS
command. The attacker could arrange things so the macro was executed
automatically as a consequence of the victim visiting the attacker's
page.

Normally, before Explorer downloads a dangerous file like a Word
document, it displays a dialog box warning that the file might contain a
virus or other dangerous content, and asking the user whether to abort the
download or to proceed with the download anyway. This gives the user a
chance to avoid the risk of a malicious document. However, our technique
allows an attacker to deliver a document without triggering the
dialog box.

The attack does not require the user to approve any actions by answering
questions, requesting a download, or opening a document or
program. Merely visiting a Web page containing the attack is enough to
expose you to it.

Microsoft has been notified and they are working on fixing the problem.
Until a remedy is widely available, we will not disclose further details
about the flaw. Further details will appear on this page at a later date.

We do not know whether Windows NT users of Internet Explorer 3.0 are
affected, though we suspect that they may be.

This flaw was found by Dirk Balfanz and Edward Felten. Contact Felten if
you have questions.



                        Princeton University
                        Department of Computer Science
                        Contact: sip @ cs . princeton . edu
<snip>



