Hinnavaatlus
Deep Fury
Crazy user
joined: 13.12.2001
11.11.2002 10:39:09
IE unpatched holes ... since August :(
M$'s Java bugs: four of them have been fixed, the rest are still unpatched since August because of M$'s negligence. Traitorous computing indeed.
http://online.securityfocus.com/archive/1/290966
1) URL parsing error
Impact: impersonating a web site, cookie theft
2) Stack overflow in class loader
Impact: most likely only DoS
3) File path discovery
Impact: finding out the current directory and username
4) INativeServices memory access
Impact: reading memory space, may lead to delivery and execution of any code
5) INativeServices clipboard access
Impact: any applet can get or set the contents of clipboard
6) file:// codebase when using shares
Impact: any applet may get global file read access
7) StandardSecurityManager restriction bypassing
Impact: bypassing package access restrictions
8) com.ms.vm.loader.CabCracker
Impact: An applet may load any local .cab archive
9) Problems with HTML object passed to Java applets via JavaScript
Impact: unknown
10) HTML <applet> tag may be used to bypass Java class restrictions
Impact: unknown

ihvike
HV Guru
joined: 01.04.2002
11.11.2002 11:53:11
Raise your hand if any of these IE holes has ever caused you any actual harm (apart from the time lost downloading patches). There are holes everywhere anyway. And maybe the fact that they are often found in IE is actually a good thing?

Deep Fury
Crazy user
joined: 13.12.2001
11.11.2002 12:35:22
ihvike wrote:
"Raise your hand if any of these IE holes has ever caused you any actual harm (apart from the time lost downloading patches). There are holes everywhere anyway. And maybe the fact that they are often found in IE is actually a good thing?"
Well, I don't know of any other browser maker whose programmers can't manage, in half a year, to fix the things they have been repeatedly informed about.
Ihvike, who's interested in your sam anyway, right. In reality this is used by spammers, who grab your address books and similar stuff when you surf certain pages with IE. I wouldn't say that it really doesn't matter ... or, well, at least not for those who have good filters on their mailbox.

TzigaLind
HV veteran
joined: 12.01.2002
11.11.2002 15:24:28
ihvike wrote:
"Raise your hand if any of these IE holes has ever caused you any actual harm (apart from the time lost downloading patches). There are holes everywhere anyway. And maybe the fact that they are often found in IE is actually a good thing?"
One of the reasons for the frequent reinstalls of older Windows versions
is also all kinds of security holes, whose exploitation causes
irreparable corruption of Windows system files
and thoroughly messes up the system settings.
IMHO that can easily be called harm, i.e. instead of drinking
beer you have to recover the system......
_________________ Piix!

Deep Fury
Crazy user
joined: 13.12.2001
21.11.2002 15:11:38
M$ has for quite a while now been patching IE with several patches at once; here are 6 more fixes. The topic doesn't deserve a new thread for this ;(
Cumulative Patch for Internet Explorer (Q328970)
(November 20, 2002)
Affected Software:
- Microsoft Internet Explorer 5.01
- Microsoft Internet Explorer 5.5
- Microsoft Internet Explorer 6.0
Vulnerability identifiers:
- Malformed PNG Image File Failure: CVE-CAN-2002-1185
- Encoded Characters Information Disclosure: CVE-CAN-2002-1186
- Frames Cross Site Scripting: CVE-CAN-2002-1187
- Temporary Internet Files folder Name Reading: CVE-CAN-2002-1188
- Cross Domain Verification via Cached Methods: CVE-CAN-2002-1254
- Improper Cross Domain Security Validation with Frames: CVE-CAN-2002-1217
End User Bulletin: http://www.microsoft.com/security/security_bulletins/ms02-066.asp

Deep Fury
Crazy user
joined: 13.12.2001
05.12.2002 10:38:06
In addition:
Cumulative Patch for Internet Explorer (Q324929)
Originally posted: December 04, 2002
http://www.microsoft.com/security/security_bulletins/ms02-068.asp
"A security vulnerability has been identified in Internet Explorer that could allow an attacker to compromise your Windows-based computer and, possibly, read files on it"

olka
HV user
joined: 25.09.2002
05.12.2002 10:56:35
offtopic
Well, since IE6 and its Java support have already come up here: I at least have SP1 installed on Windows XP along with every possible update, but in Jippie chess the browser sometimes crashes hard under Java and I can't figure out what the point is. All sorts of Java plugins etc. are installed as well.
_________________ You, all gonna make me loose my mind, loose my mind

ihvike
HV Guru
joined: 01.04.2002
05.12.2002 12:57:09
olka wrote:
"offtopic
Well, since IE6 and its Java support have already come up here: I at least have SP1 installed on Windows XP along with every possible update, but in Jippie chess the browser sometimes crashes hard under Java and I can't figure out what the point is. All sorts of Java plugins etc. are installed as well."
Look for the problem in exactly that: too many plugins are installed. One is entirely sufficient.

olka
HV user
joined: 25.09.2002
05.12.2002 13:08:00
ihvike wrote:
"Look for the problem in exactly that: too many plugins are installed. One is entirely sufficient."
Please explain in more detail which plugin should be installed, so that I could get this sorted out.
_________________ You, all gonna make me loose my mind, loose my mind

ihvike
HV Guru
joined: 01.04.2002
05.12.2002 13:14:40
olka wrote:
"Please explain in more detail which plugin should be installed, so that I could get this sorted out."
Check what Java-related items you have under Control Panel > Add/Remove Programs. The foolproof solution is to remove everything from there and see what IE does then. If it doesn't open the Jippii games, then download the Java plugin http://java.sun.com/getjava/download.html
But I myself haven't had the best experiences with this newest Java plugin when playing on Jippii. The original Java of Win 2000 works best. The 98 one is fine too. I haven't had that much contact with XP.

Deep Fury
Crazy user
joined: 13.12.2001
06.12.2002 10:35:50
So here is what a Security Researcher thinks of M$'s new patch.
Btw, IE currently has 18 security bugs, 6 of them of the more serious class. Way to go M$ ...
Following the release of the cumulative MS02-066 patch from the previous
week, Microsoft has released yet another cumulative patch for Internet
Explorer - MS02-068, which can be found at
http://www.microsoft.com/technet/security/bulletin/MS02-068.asp
The sole vulnerability that MS02-068 patches is the "external object
caching" vulnerability discovered by GreyMagic Software. The rather
surprising aspects of this bulletin are the extensive downplaying of severity
and the incorrect mitigating factors.
Microsoft has given this vulnerability a maximum severity rating of
"Moderate". Great, so arbitrary command execution, local file reading and
complete system compromise is now only moderately severe, according to
Microsoft.
Moving on to the technical description, we see yet more inaccuracies. The
entire first paragraph is a falsum:
"Exploiting the vulnerability could enable an attacker to read, but not
change, any file on the user's local computer. In addition, the attacker
could invoke an executable that was already present on the local system. The
attacker would need to know the exact location of the executable, and would
not be able to pass parameters to it. Microsoft is not aware of any
executable that ships by default as part of Windows and, when run without
parameters, could be dangerous. "
Allow me to rephrase:
Exploiting the vulnerability could enable an attacker to perform any action
on the local computer that the user being exploited can perform. This
includes, but is not limited to, reading and changing any file on the user's
local computer, forcefully placing arbitrary files on the system in any
location and invoking any executable on the system both with and without
parameters.
Further down we find yet more inaccuracies:
"Without the ability to pass parameters, it's unlikely that an attacker
could do much. For instance, although the attacker could run the command
prompt, he couldn't pass a command (e.g., format c:) to it. "
"This vulnerability provides no way for an attacker to transfer a program of
their choice to the user's system. "
Since we can already create and execute arbitrary command scripts on the
machine, I fail to see how the above can be remotely accurate. Accomplishing
this is as simple as creating and executing an automated FTP script, or
merely recreating an EXE file from an embedded string in the HTML.
Microsoft are very much aware of this, and even modified the MS02-066
bulletin (following the post from GreyMagic on Bugtraq) to provide
assistance in mitigating how the HTML Help control can execute commands in
the local zone.
It seems like Microsoft are deliberately downplaying the severity of their
vulnerabilities in an attempt to gain less bad press. It sure would look bad
to release 2 critical cumulative updates in just 2 weeks, but that is
exactly what has been done. As it stands now, the bulletin is released and
most journalists willing to comment have already noticed the "Moderate"
label and the extensive list of (incorrect) mitigating factors, and quite
likely will not write anything on just how severe this really is. I doubt
most people care to read the revisions to the bulletin that will come later.
There are currently 18 unpatched publicly known vulnerabilities in Internet
Explorer, of which I have labelled 6 as severe.
http://www.pivx.com/larholm/unpatched/
Regards
Thor Larholm, Security Researcher
PivX Solutions, LLC

Deep Fury
Crazy user
joined: 13.12.2001
13.12.2002 13:59:21
I forgot to mention that ms02-66 also describes a bug in the pngfilt.dll file (version 6.0.2600.0 and prior), meaning that when a PNG file with a specially modified header is opened (e.g. a picture on the internet), an attacker can run arbitrary software on the victim's machine.
"By supplying a carefully crafted memory management header, we
can alter any 32-bit address to which we have write access in Internet
Explorers virtual address space"
http://www.microsoft.com/security/security_bulletins/ms02-066.asp
http://www.eEye.com