Feeds

IE 6 SP1 omits fixes for 20 outstanding flaws

In the frame

  • alert
  • submit to reddit

The Power of One eBook: Top reasons to choose HP BladeSystem

Researchers have discovered that inadequate security restrictions in Internet Explorer make it possible for an attacker to execute script on any Web page that containing frames.

Grey Magic Software describes the vulnerability as critical, a warning backed up by several proof of concept demonstrations.

Because of the way frames (and iframes) are handled by IE version 5.5 and above, attackers are able to get to all sorts of mischief with minimal effort, including:


  • Read local files from the victim's hard drive, using a default local resource (ironically dubbed "PrivacyPolicy") that contains frames in IE
  • Execute arbitrary programs on the victim's computer, using the woefully misnamed "PrivacyPolicy" resource
  • Read a victim's cookie and content from any remote site that contains a frame, which can lead to session-stealing and account compromise on sites containing frames - such as Hotmail
  • Forge the content of any site that contains a frame. For example, the attacker could show the user a fake login screen at hotmail.com and log the results to a database

Users of Internet Explorer 5.5 and above are vulnerable to these various exploits with IE 6.0 users particularly vulnerable.



Fortunately there is a simple workaround available which involves disabling Active Scripting. Well either that or consider moving to an alternative browser.

GreyMagic published its advisory yesterday after discovering the flaw in August 4. Still no word from Microsoft on the issue, a fix for this particular problem doesn't appear in a list of fixes included in Microsoft's release of Service Pack 1 for IE6, which was released today. ®

Related Stories

MS IE patch misses the mark
IE, Outlook run malicious commands without scripting
Dangers of the Google tool bar exposed
Ditch IE - veteran bug hunter

Designing a Defense for Mobile Applications

More from The Register

next story
DARPA-derived secure microkernel goes open source tomorrow
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.