Reported November 20, 2002, by Microsoft.
· Microsoft Internet Explorer (IE) 6.0, 5.5, 5.01
IE contains six newly discovered vulnerabilities, the most serious of which can permit a potential attacker to execute commands on the vulnerable system. The six new vulnerabilities consist of the following:
· A buffer overrun vulnerability that occurs because IE doesn't correctly check the parameters of a Portable Network Graphics (PNG) file when it's opened.
· An information-disclosure vulnerability related to the way IE handles encoded characters in a URL. This vulnerability can permit a potential attacker to craft a URL containing encoded characters that would redirect a user to a second Web site. If the user follows the URL, the attacker can piggyback the user’s access to the second Web site. The attacker can then access any information the user shares with the second Web site.
· A vulnerability that occurs because under certain circumstances, IE doesn't correctly check the component that the OBJECT tag calls. This flaw can permit an attacker to obtain the name of the Temporary Internet Files folder on the user’s local machine. If an attacker knows the name of the Temporary Internet Files folder, he or she can identify the username of the currently logged-on user and read other information in the Temporary Internet Files folder (e.g., cookies).
· Three vulnerabilities that are the result of incomplete security checks that occur when you use particular programming techniques on Web pages. The vulnerabilities permit a Web site to access information in another domain, including the user’s local system. The Web site operator can then read, but not change, any file on the user’s local computer that's viewable in a browser window. In addition, this vulnerability can enable a potential attacker to invoke an executable that's already present on the local system.
Microsoft has released Security Bulletin MS02-066, "Cumulative Patch for Internet Explorer" (Q328970), to address these vulnerabilities and recommends that affected users immediately apply the appropriate patch that the bulletin mentions. This cumulative patch also addresses all previously discovered IE vulnerabilities.
Discovered by eEye Digital Security.