Internet Explorer as a Trojan horse

Author: Romuald Zylla, T.Uni. of Lodz, PL (zylla_at_lodz1.p.lodz.pl)
Date: Wed 12 Mar 1997 - 20:07:12 MET


For those who do not understand English, I explain the meaning
of what is quoted below in the original:

  Internet Explorer 3.0 can run any program
  on your computer if some joker places
  the appropriate sequence of commands on his WWW page.
  Such a command could be, for example, deleting some file
  or (possibly) formatting the disk.

March 4, 1997 22:00 GMT Number H-38
______________________________________________________________________________
PROBLEM: Arbitrary commands may be executed on a Web client system using
               Microsoft Internet Explorer 3.x.
PLATFORM: Windows 95, Windows NT 4.0
DAMAGE: A Web server can potentially destroy or manipulate data on a
               visiting client system.
SOLUTION: Install the patch referenced below
______________________________________________________________________________
VULNERABILITY ASSESSMENT: This is a potentially serious vulnerability that
               should be addressed as soon as possible.
______________________________________________________________________________

A security vulnerability has been discovered in Microsoft Internet Explorer
3.0 and 3.01 for Windows 95 and NT. The vulnerability allows an arbitrary
program to be executed on a user's machine when accessing a malicious Web
site. For example, selecting a URL on a Web site could cause the standard
Windows calculator to start executing. Other programs, such as format or
deltree, might also be executed, which can be more malicious in nature.
These programs are executed without permission by the user - the standard
security mechanisms provided with Internet Explorer are bypassed completely.

This problem is unrelated to ActiveX or Java, common sources of security
concern. Rather, this vulnerability takes advantage of two features of the
Windows 95/NT4.0 interface - shortcuts and hyperlinks. Shortcuts are files
ending with a .LNK extension, and provide a means of referencing another
file on a system. Windows hyperlinks are files ending with a .URL extension,
and provide a quick jump to a URL on the Internet. When files of these types
are placed on a Web site, they may potentially execute an arbitrary command
on the client's computer when accessed through a URL. The arbitrary command
(and path to the command) must be known ahead of time, but many key system
programs are kept in standard locations, so this may be easily guessed.
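As an added defender-side illustration (not part of the bulletin or of the original post): a small Python filter that a download proxy or mail gateway could run over fetched bodies, blocking any .LNK file and any .URL file whose target resolves on the visitor's own disk rather than on the Internet. The .LNK header signature and the [InternetShortcut]/URL= layout come from the file formats themselves, not from the bulletin, and the sample bodies are constructed.

```python
import re
from configparser import ConfigParser, Error as IniError
from typing import Optional

# Every Shell Link (.LNK) file starts with HeaderSize 0x4C followed by the ShellLink
# CLSID {00021401-0000-0000-C000-000000000046} in its on-disk (mixed-endian) byte order.
LNK_MAGIC = bytes.fromhex("4c000000" "01140200" "00000000" "c000000000000046")

# A .URL target that points at the client's own file system (file: URL, drive letter, UNC path).
LOCAL_TARGET = re.compile(r"^(file:|[a-z]:[\\/]|\\\\)", re.IGNORECASE)


def url_shortcut_target(data: bytes) -> Optional[str]:
    """Return the URL= value of an [InternetShortcut] (.URL) file, or None if it is not one."""
    parser = ConfigParser(interpolation=None, strict=False)
    try:
        parser.read_string(data.decode("utf-8", errors="replace"))
    except IniError:  # no section header, or not INI-shaped at all
        return None
    # configparser case-folds option names, so "URL=" and "url=" both match here
    return parser.get("InternetShortcut", "URL", fallback=None)


def inspect_body(data: bytes) -> dict:
    """Classify a downloaded body as lnk / url / other and decide whether to block it."""
    if data.startswith(LNK_MAGIC):
        # a shell link can only ever reference something on the client machine
        return {"kind": "lnk", "target": None, "block": True}
    target = url_shortcut_target(data)
    if target is not None:
        local = bool(LOCAL_TARGET.match(target.strip()))
        return {"kind": "url", "target": target, "block": local}
    return {"kind": "other", "target": None, "block": False}


# constructed sample bodies (not taken from any real site)
LNK_SAMPLE = LNK_MAGIC + b"\x00" * 56  # minimal 0x4C-byte header with nothing after it
URL_LOCAL = b"[InternetShortcut]\r\nURL=file:///C:/WINDOWS/CALC.EXE\r\n"
URL_REMOTE = b"[InternetShortcut]\r\nURL=http://www.example.com/\r\n"
HTML = b"<html><body>hello</body></html>"

if __name__ == "__main__":
    for name, body in [("lnk", LNK_SAMPLE), ("url-local", URL_LOCAL),
                       ("url-remote", URL_REMOTE), ("html", HTML)]:
        print(name, inspect_body(body))
```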

Microsoft has addressed the problem with a patch on their Web site at

     http://www.microsoft.com/ie/security/update.htm

--
Romek
-_-_-_-_-_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _-_-_-_-_-
   -----   PC-ology is an experimental science!  -----
       """"""" and computers are to blame (WINne) for everything """""""


This archive was generated by hypermail 2.1.7 : Tue 18 May 2004 - 15:58:15 MET DST