please publish the exploit. many many thanks in advance igor Ben Holiday wrote:
---------- Forwarded message ---------- Date: Mon, 26 Aug 1996 01:35:07 GMT Subject: Microsoft Explorer security hole (fwd)
On Sun, 25 Aug 1996 13:55:30 -0600 (MDT), Carl Nation <carl@iserver.com> wrote:
To our Resellers/Customers,
Our sysadmin received this security alert, and we thought we should pass it along...
------- Forwarded Message
Date: Wed, 21 Aug 1996 13:12:59 -0400 From: felten@CS.Princeton.EDU (Ed Felten) Subject: Internet Explorer Security Problem
We have discovered a security flaw in the current version (3.0) of Microsoft's Internet Explorer browser running under Windows 95. An attacker could exploit the flaw to run any DOS command on the machine of an Explorer user who visits the attacker's page. For example, the attacker could read, modify, or delete the victim's files, or insert a virus or backdoor entrance into the victim's machine. We have verified our discovery by creating a Web page that deletes a file on the machine of any Explorer user who visits the page.
The core of the attack is a technique for delivering a document to the victim's browser while bypassing the security checks that would normally be applied to the document. If the document is, for example, a Microsoft Word template, it could contain a macro that executes any DOS command.
Normally, before Explorer downloads a dangerous file like a Word document, it displays a dialog box warning that the file might contain a virus or other dangerous content, and asking the user whether to abort the download or to proceed with the download anyway. This gives the user a chance to avoid the risk of a malicious document. However, our technique allows an attacker to deliver a document without triggering the dialog box.
Microsoft has been notified and they are working on fixing the problem. Until a remedy is widely available, we will not disclose further details about the flaw.
For more information, contact Ed Felten at felten@cs.princeton.edu or 609-258-5906.
Dirk Balfanz and Ed Felten Dept. of Computer Science, Princeton University http://www.cs.princeton.edu/sip/
------- End of Forwarded Message
- Igor.