Great Circle Associates Firewalls
(August 1996)
 


Subject: RE: MS Explorer 3.0 'Serious security flaw'?
From: "Jarmon, Don R" <drjarmon @ ingr . com>
Date: Tue, 27 Aug 1996 07:38:42 -0500
To: "'Bill Stout'" <bill . stout @ hidata . com>, "'Ashwin Kumar'" <kumar @ ibu . sj . nec . com>
Cc: "'Firewalls @ GreatCircle . COM'" <Firewalls @ GreatCircle . COM>

Here's info about the IE 3.0 fix from Microsoft.  Patch and explanation
available at URL

	http://www.microsoft.com/msdownload/iepatch.htm#Nort

Now back to Firewall issues.  This problem would not impact sites using
proxy servers or application gateways.  Direct dial-up Internet access and
Direct LAN Internet access would be vulnerable.

>----------
>From: 	Ashwin Kumar[SMTP:kumar @ ibu . sj . nec . com]
>Sent: 	Monday, August 26, 1996 12:53 PM
>To: 	Bill Stout
>Cc: 	Bill Stout; Firewalls @ GreatCircle . COM
>Subject: 	Re: MS Explorer 3.0 'Serious security flaw'?
>
>On Fri, 23 Aug 1996, Bill Stout wrote:
>
>:Date: Fri, 23 Aug 1996 16:34:29 -0700
>:From: Bill Stout <bill . stout @ hidata . com>
>:To: Ashwin Kumar <kumar @ ibu . sj . nec . com>,
>:    Bill Stout <bill . stout @ osc . hidata . com>
>:Cc: Firewalls @ GreatCircle . COM
>:Subject: Re: MS Explorer 3.0 'Serious security flaw'?
>:
>:At 02:13 PM 8/23/96 -0700, Ashwin Kumar wrote:
>:>On Fri, 23 Aug 1996, Bill Stout wrote:
>:>:Anyone know what the 'serious security flaw' is in MS Explorer 3.0?
>:
>:<snip>
>:
>:>The core of the attack is a technique for delivering a document to the
>:>victim's browser while bypassing the security checks that would normally
>:>be applied to the document. If the document is, for example, a Microsoft
>:>Word template, it could contain a macro that executes any DOS
>:>command. The attacker could arrange things so the macro was executed
>:>automatically as a consequence of the victim visiting the attacker's
>:>page.
>:
>:<snip>
>:
>:What makes this an Explorer-specific problem?
>:
>:If I'm not mistaken, _any_ browser will open a .doc or .xls document if the
>:helper application is defined.  Word and Excel macro viruses are not news.
>:I thought it would've been an Active-X or e-mail scamming hole.
>:
>:I don't think a firewall can be configured to filter Word/Excel macro viruses.
>:
>:
>:Bill Stout
>
>In order to avoid the problem you describe, IE will prompt the user with a
>dialog warning them that the document could be "dangerous".
>
>The bug is that using some unspecified technique, the document will be
>downloaded without that dialog ever showing.
>
>Ashwin
>
>
