IE GetObject() problems

Giovanni Coppa giannicoppa@yahoo.it
Fri, 4 Jan 2002 17:12:53 +0100 (CET)


--- Georgi Guninski <guninski@guninski.com> wrote:
> From Georgi Guninski Tue Jan  1 07:31:53 2002
> 
> Georgi Guninski security advisory #52, 2001
> 
> IE GetObject() problems
> 
> Systems affected:
> Patched IE 6.0, somewhat patched 5.5 Win2K
> 
> Risk: High
> Date: 1 January 2002
> 
> Legal Notice:
> This Advisory is Copyright (c) 2001 Georgi Guninski.
> You may distribute it unmodified.
> You may not modify it and distribute it or
> distribute parts
> of it without the author's written permission.
> 
> Disclaimer:
> The information in this advisory is believed to be
> true based on
> experiments though it may be false.
> The opinions expressed in this advisory and program
> are my own and
> not of any company. The usual standard disclaimer
> applies,
> especially the fact that Georgi Guninski is not
> liable for any damages
> caused by direct or  indirect use of the information
> or functionality
> provided by this advisory or program. Georgi
> Guninski bears no
> responsibility for content or misuse of this
> advisory or program or
> any derivatives thereof.
> 
> Description:
> 
> IE allows reading local files due to a bug in
> GetObject().
> Reading local files may lead to executing arbitrary
> programs.
> 
> Details:
> 
> GetObject() has a bad security record - 
> check http://www.guninski.com/browsers.html
> The new bug is quite similar to:
> http://www.guninski.com/getobject1-desc.html
> the difference being:
> ----------------------
> a=GetObject("http://"+location.host+"/../../../../../../test.txt","htmlfile");
> ----------------------
> It is funny that directory traversal on a http: URL
> leads to reading local files.
> 
> Workaround/Solution:
> 
> Disable Active Scripting and never turn it on.
> Better, do not use IE in hostile environments such
> as the internet. 
> 
> Vendor status:
> 
> Microsoft was notified on 11 December 2001.
> They had 3 weeks to produce a patch but didn't.
> 
> Regards,
> Georgi Guninski
> http://www.guninski.com
> ----------------------
> You may visit Guninski Security Mailing List page at
> http://www.guninski.com/mailinglist.html
> ---------------------- 
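The advisory's point is the combination of a GetObject() call with an http: URL that carries parent-directory ("../") segments. As an added example, not part of the advisory or this thread, the following Python snippet is a simple detection heuristic a defender could run over captured page scripts or proxy logs to flag that combination. The sample script fragments are constructed here for illustration; the regular expressions are an assumption about how such calls appear and will miss obfuscated or concatenated variants, so treat a hit as a trigger for review rather than proof of exploitation.

```python
import re

# Constructed sample script fragments (not taken from the advisory): the first
# two follow the shape the advisory describes (GetObject() on an http: URL that
# carries "../" or "..\" segments); the others are benign controls.
SAMPLE_SCRIPTS = [
    'a=GetObject("http://"+location.host+"/../../../../../../test.txt","htmlfile");',
    "x = getobject('http://example.test/..\\..\\boot.ini', 'htmlfile');",
    'b=GetObject("http://"+location.host+"/page.html","htmlfile");',
    'c=GetObject("winmgmts:");',
    'document.title = "hello";',
]

# Any GetObject(...) call, case-insensitively, up to its first closing parenthesis.
GETOBJECT_CALL = re.compile(r"GetObject\s*\((.*?)\)", re.IGNORECASE | re.DOTALL)
# An http(s) scheme anywhere in the argument list (literal or concatenation).
HTTP_SCHEME = re.compile(r"https?://", re.IGNORECASE)
# A parent-directory step with either path separator.
TRAVERSAL = re.compile(r"\.\.[/\\]")


def suspicious_getobject_calls(script: str) -> list[str]:
    """Return the argument text of every GetObject() call in `script` whose
    arguments mention an http(s) URL and also contain a '..' path step."""
    findings = []
    for match in GETOBJECT_CALL.finditer(script):
        args = match.group(1)
        if HTTP_SCHEME.search(args) and TRAVERSAL.search(args):
            findings.append(args)
    return findings


def scan_scripts(scripts: list[str]) -> list[int]:
    """Indices of the scripts that contain at least one suspicious call."""
    return [i for i, s in enumerate(scripts) if suspicious_getobject_calls(s)]


if __name__ == "__main__":
    for i in scan_scripts(SAMPLE_SCRIPTS):
        print(f"script {i}: {suspicious_getobject_calls(SAMPLE_SCRIPTS[i])}")
```

Only the first two constructed fragments are flagged; a GetObject() call on a plain http: URL or on a non-HTTP moniker such as "winmgmts:" passes through, which keeps the heuristic focused on the traversal pattern the advisory describes.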
