
Security Bugs
- Internet Explorer 6.0 Service Pack 1 (Windows XP) - 6.00.2800.11
- Internet Explorer 6.0 (Windows XP) - 6.00.2600.00
- Internet Explorer 6.0 Public Preview - 6.00.2462.0000
- HTML Help, Feel Lucky? [December 04, 2002] - Critical, object caching techniques allow an attacker to execute commands on a user’s system with params
[Andreas Sandblad,se]
- Six vulnerabilities [November 20, 2002] -
+PNG image buffer overrun (by eeye)
+2f@ encoding (by liu die)
+OBJECT tag calls, Temporary Internet Files folder (by Jaslmer)
+Three vulnerabilities, HTML help
+Kill bit legacy DirectX ActiveX
+SP6 1 NEW cross domain verification check
*the most serious of which could enable an attacker to execute arbitrary code on a user’s system
- Six vulnerabilities [August 22, 2002] -
+Gopher protocol buffer overrun.
+ActiveX used to display specially formatted text.
enable an attacker to run code on a user’s system in the context of the user.
+XML data vulnerability, a referenced XML redirected to a data source in a different domain.
open XML-based files residing on a remote system
+represents the origin of a file in the File Download Dialogue box.
misrepresent the source of a file for download in an attempt to fool users into accepting a file download from an untrusted source, believing it to be coming from a trusted source.
+A Cross Domain verification conjunction with the Object tag.
access data across different domains, read, but not change, any file on the user’s local computer that could be viewed in a browser window.
invoke, but not pass parameters to, an executable on the local system.
+"Cross-Site Scripting in Local HTML Resource", run in the Local Computer zone, allowing it to run with fewer restrictions than it would in the Internet Zone.
+Kill Bit on the MSN Chat ActiveX, that cannot be introduced onto users’ systems.
- Gopher Protocol [June 11, 2002] -
+Gopher protocol buffer overrun.
run code on the local system:
unchecked buffer in a response from Gopher servers.
This code is used independently in IE, ISA, and Proxy Server
In the case of IE, the code would be run in the user's context.
- Six vulnerabilities [May 15, 2002] -
+A cross-site scripting, Local HTML Resource.
IE ships with local HTMLs. One contains a cross-site vulnerability that allows a script to execute as the user herself, run in the Local Computer zone.
web page or HTML email. script injected into the local resource, run in the Local Computer zone, fewer restrictions than in the Internet Zone.
+An information disclosure, an HTML object, Cascading Style Sheets, read data on the local system.
web page or HTML email.
requires exact knowledge of the location of the intended file to be read on the user's system. requires that the intended file contain a single, particular ASCII character.
+An information disclosure, script within cookies,
allow one site to read the cookies of another.
cookie containing script, a web page that would deliver cookie and invoke it.
send mail or post it on a server.
invoked the script in the cookie, read or alter the cookies of another site. Requires knowing the exact name of the cookie as stored on the file.
+A zone spoofing, to be in the Intranet zone or Trusted Sites zone.
run with fewer security restrictions.
+Two variants of the "Content Disposition"
IE downloads when a downloadable file's malformed Content-Disposition and Content-Type headers.
a type safe for automatic handling, when in fact it is executable content.
web page or mail.
require that the attacker know that the intended victim has one of these applications present on their system.
*the most serious of which could allow code of attacker's choice to run.
- Two vulnerabilities [March 28, 2002] -
+A zone determination, script embedded in a cookie run in the Local Computer zone.
[Andreas Sandblad,se]
While HTML scripts can be stored in cookies,
place script in a cookie that would be saved to the user’s hard disk.
When the cookie was opened by the site the script would then run in the Local Computer zone.
+An object tags, invoke an executable on the user’s machine.
web page cause a local program to run on the victim’s machine, pass any parameters to the program
*the most serious of which would allow script to run in the Local Computer Zone.
- Read Local Files [February 21, 2002] -
+VBScript cross-domain access Information Disclosure. [Zentai Peter Aron,Hu]
scripts access the contents of another domain in a frame.
view files on the user's local machine or capture the contents of third-party web sites the user visited after leaving the attacker’s site.
learn personal information like user names, passwords, or credit card information.
Web page or HTML email.
need to know the name and location of any files on the user's system.
gain access to files such as text files, HTML files, or image files.
- Six vulnerabilities [February 11, 2002] -
+A buffer overrun vulnerability associated with an HTML directive that’s used to incorporate a document within a web page. By creating a web page that invokes the directive using specially selected attributes, an attacker could cause code to run on the user’s system.
+A vulnerability associated with the GetObject scripting function. Before providing a handle to an operating system object, GetObject performs a series of security checks to ensure that the caller has sufficient privileges to it. However, by requesting a handle to a file using a specially malformed representation, it would be possible to bypass some of these checks, thereby allowing a web page to complete an operation that should be prevented, namely, reading files on the computer of a visiting user’s system. [dH team security.nnov ru]
+A vulnerability related to the display of file names in the File Download dialogue box. When a file download from a web site is initiated, a dialogue provides the name of the file and lets the user choose what action to take. However, a flaw exists in the way HTML header fields (specifically, the Content-Disposition and Content-Type fields) are handled. This flaw could make it possible for an attacker to misrepresent the name of the file in the dialogue, in an attempt to trick a user into opening or saving an unsafe file.
+A vulnerability that could allow a web page to open a file on the web site, using any application installed on a user’s system. By design, IE should only open a file on a web site using the application that’s registered to that type of file, and even then only if it’s on a list of safe applications. However, through a flaw in the handling of the Content-Type HTML header field, an attacker could circumvent this restriction, and specify the application that should be invoked to process a particular file. IE would comply, even if the application was listed as unsafe. [Sandro Gauci GFI.com]
+A vulnerability that could enable a web page to run a script even if the user has disabled scripting. IE checks for the presence of scripts when initially rendering a page. However, the capability exists for objects on a page to respond to asynchronous events; by misusing this capability in a particular way, it could be possible for a web page to fire a script after the page has passed the initial security checks.
+A newly discovered variant of the "Frame Domain Verification" vulnerability discussed in Microsoft Security Bulletin MS01-058. The vulnerability could enable a malicious web site operator to open two browser windows, one in the web site’s domain and the other on the user’s local file system, and to use the Document.open function to pass information from the latter to the former. This could enable the web site operator to read, but not change, any file on the user’s local computer that could be opened in a browser window. In addition, this could be used to mis-represent the URL in the address bar in a window opened from their site.
* the most serious of which could allow an attacker to run code on another user’s system.
- Q324929 [December 2002] - Cumulative Patch for Internet Explorer
- Q328970 [November 2002] - Cumulative Patch for Internet Explorer
- Q323759 [August 2002] - Cumulative Patch for Internet Explorer
- Q323889 [June 2002] - Unchecked Buffer in Gopher Protocol Handler Can Run Code of Attackers Choice
- Q321232 [May 2002] - Cumulative Patch for Internet Explorer
- Q319182 [March 2002] - Cumulative Patch for Internet Explorer
- Q319182 [February 2002] - Incorrect VBScript Handling in IE Can Allow Web Pages to Read Local Files
- Q316059 [February 2002] - Cumulative Patch for Internet Explorer
- Q313675 [December 2001] - Cumulative Patch for IE
- Q312461 [November 2001] - Cumulative Patch for IE
- Q306121 [October 2001] - Malformed Dotless IP Address Can Cause Web Page to be Handled in Intranet Zone
- Internet Explorer 5.5 Service Pack 2 - 5.51.4807.2300
- Internet Explorer 5.5 - 5.50.4134.0600
- Windows Millennium Edition - 5.50.4134.0100
- Q324929 [December 2002] - Cumulative Patch for Internet Explorer
- Q328970 [November 2002] - Cumulative Patch for Internet Explorer
- Q323759 [August 2002] - Cumulative Patch for Internet Explorer
- Q323889 [June 2002] - Unchecked Buffer in Gopher Protocol Handler Can Run Code of Attackers Choice
- Q321232 [May 2002] - Cumulative Patch for Internet Explorer
- Q [March 2002] - Cumulative Patch for Internet Explorer
- Q [February 2002] - Cumulative Patch for IE
- Q [February 2002] - Incorrect VBScript Handling in IE Can Allow Web Pages to Read Local Files
- Q [December 2001] - Cumulative Patch for Internet Explorer
- Q [November 2001] - Cumulative Patch for IE
- Q [October 2001] - Malformed Dotless IP Address Can Cause Web Page to be Handled in Intranet Zone
- Q [May 2001] - Flaws in Web Server Certificate Validation Could Enable Spoofing
- Q [March 2001] - Incorrect MIME Header Can Cause IE to Execute E-mail Attachment
- Q [February 2001] - IE Can Divulge Location of Cached Content
- Q [December 2000] - Outlook - Outlook Express VCard Handler Contains Unchecked Buffer
- Q [August 2000] - Browser Print Template and File Upload via Form Vulnerabilities Scriptlet Rendering Vulnerability
- Q [July 2000] - Office HTML Script and IE Script Vulnerabilities
- Q [June 2000] - Active Setup Download Vulnerability