
02-02-2004, 10:24 PM
gala (offline)
Active member
Member ID: 338
Join date: Jun 2003
Posts: 113
Likes: 2
Received 6 likes on 2 posts
Received invitations to: 0 topics
    #1  

Explorer BackToFramedJPU Cross-Domain Policy


Microsoft Internet Explorer BackToFramedJPU Cross-Domain Policy
Vulnerability
Bugtraq ID 9109
CVE CAN-2003-1026
Published Nov 25 2003
Last Update 2/2/2004 7:07:45 PM GMT
Remote Yes
Local No
Credibility Vendor Confirmed
Classification Design Error
Ease Exploit Available
Availability User Initiated
Authentication Not Required

Impact 6 Severity 7.2 Urgency Rating 7.8

Last Change Microsoft Security Bulletin and fixes are
available.

Vulnerable Systems
------------------
Microsoft Internet Explorer 5.0.0
Microsoft Windows 98SE

Microsoft Internet Explorer 5.0.1
Microsoft Internet Explorer 5.0.1 SP1
Microsoft Internet Explorer 5.0.1 SP2
Microsoft Internet Explorer 5.0.1 SP3
Microsoft Internet Explorer 5.5.0
Microsoft Windows ME

Microsoft Internet Explorer 5.5.0 SP1
Microsoft Internet Explorer 5.5.0 SP2
Microsoft Internet Explorer 6.0.0
Microsoft Windows Server 2003 Datacenter Edition
Microsoft Windows Server 2003 Datacenter Edition 64-bit
Microsoft Windows Server 2003 Enterprise Edition
Microsoft Windows Server 2003 Enterprise Edition 64-bit
Microsoft Windows Server 2003 Standard Edition
Microsoft Windows Server 2003 Web Edition
Microsoft Windows XP Home
Microsoft Windows XP Professional

Microsoft Internet Explorer 6.0.0 SP1

Short Summary
-------------
Microsoft Internet Explorer is vulnerable to an issue in the history
function handling in frames that could result in a cross-domain violation.

Impact
------
It is possible to violate the browser cross-domain policy, potentially
allowing malicious web pages to access properties of foreign domains.
This could be used in numerous attacks to compromise sensitive
information and also exploited in combination with other vulnerabilities
to execute malicious code in the Local Zone.

Technical Description
---------------------
A vulnerability has been reported in sub-frames in Microsoft Internet
Explorer. Because of this, an attacker may be able to violate
cross-domain policy.

The problem is a variation of vulnerabilities previously reported by Liu
Die Yu (which are covered in BID 8577). The issue involves navigating
sub-frames to a JavaScript protocol URI and the use of history.back().
The problem components could allow for script code to access properties
of a page from a foreign domain, stored in the browser history. This
issue, by itself, could permit a malicious web page to interact with a
foreign domain, potentially allowing for theft of sensitive information
or other attacks. By exploiting this issue in combination with other
vulnerabilities (such as BIDs 9105 and 9107), it will be possible to
execute malicious code on the client system in the context of the Local
Zone.

Symantec has confirmed that this issue is exploitable on IE 5.0 as well
as the version tested by the researcher.

Due to the ease of exploitation and the existence of other
vulnerabilities which may be exploited in tandem with this BID, it is
probable that this issue will be widely exploited in the wild.

This issue was originally covered in BID 9100 "Multiple Internet
Explorer Browser Security Model Compromise Vulnerabilities" and is now
being assigned its own BID.

Attack Scenarios
----------------
An attacker must place the malicious web content in a location that can
be accessed by the target victim.

The attacker creates a malicious web page, and sends the target victim a
link to the page via an enticing e-mail. The attacker could
exploit this issue by itself to access the properties of a web site that
the client trusts and gain access to sensitive information. It is also
possible to exploit this issue in combination with other vulnerabilities
to cause a malicious executable to be executed on the client system in
the context of the Local Zone.

Exploits
--------
Liu Die Yu has released a proof of concept exploit designed to exploit
the issues described in BID 9105, 9107 and 9109 to execute arbitrary
executables. The proof of concept 1stCleanRc-Xp.zip and a document
describing the exploit are available at the following location:



http://www.safecenter.net/UMBRELLAWE...nRc/index.html

The exploit 1stCleanRc-Xp.zip is linked below.

A proof-of-concept has been made available at the following location:

http://www.safecenter.net/UMBRELLAWE...kToFramedJpu-MyPage.htm

The following proof-of-concept also demonstrates how this vulnerability
may be exploited in combination with other issues:

http://www.safecenter.net/UMBRELLAWE...nRc-Demo/index.html




http://www.securityfocus.com/data/vu.../1stCleanRc-Xp.zip

Mitigating Strategies
---------------------
Run all client software as a non-privileged user with minimal access
rights.
Web browsing and other non-administrative tasks should always be
performed as an unprivileged user with minimal access rights. This will
limit the consequences of successful exploitation.

Do not follow links provided by unknown or untrusted sources.
This issue may be exploited via a malicious web page. Users should be
cautious of visiting websites of questionable integrity, especially if
they are enticed to do so through unsolicited e-mail or by an unfamiliar
or untrusted source.

Set web browser security to disable the execution of script code or
active content.
Using browser security settings to disable support for Active Scripting
in the Internet Zone will limit exposure to this and other known issues
in the browser security model.


Solutions
---------
Workaround
A workaround is available in the referenced security bulletin
(MS04-004).

Microsoft has released a cumulative security update (MS04-004) to
address this issue in affected versions of Microsoft Internet Explorer.
Users are strongly advised to obtain fixes as soon as possible.




Microsoft Patch Cumulative Security Update for Internet Explorer 5.01
for Windows 2000 Service Pack 2 (KB832894)

http://www.microsoft.com/downloads/d...904608-DCEE-4C99-A780-81D6DBC48DD5&displaylang=en
Microsoft Internet Explorer 5.0.1
Microsoft Internet Explorer 5.0.1 SP1
Microsoft Internet Explorer 5.0.1 SP2
Microsoft Internet Explorer 5.0.1 SP3

Microsoft APAR Cumulative Security Update for Internet Explorer 5.01 for
Windows 2000 Service Pack 3 (KB832894)

http://www.microsoft.com/downloads/d...2D3AAC-6B56-4F4A-8C0F-4183C77B6B51&displaylang=en
Microsoft Internet Explorer 5.0.1
Microsoft Internet Explorer 5.0.1 SP1
Microsoft Internet Explorer 5.0.1 SP2
Microsoft Internet Explorer 5.0.1 SP3

Microsoft Patch Cumulative Security Update for Internet Explorer 5.01
for Windows 2000 Service Pack 4 (KB832894)

http://www.microsoft.com/downloads/d...E74139-6E0E-49FD-9AA2-36D2D8454A92&displaylang=en
Microsoft Internet Explorer 5.0.1
Microsoft Internet Explorer 5.0.1 SP1
Microsoft Internet Explorer 5.0.1 SP2
Microsoft Internet Explorer 5.0.1 SP3

Microsoft Patch Cumulative Security Update for Internet Explorer 5.5
Service Pack 2 (KB832894)

http://www.microsoft.com/downloads/d...FE87F6-7ACA-4A54-B767-5597DDE95C6F&displaylang=en
Microsoft Internet Explorer 5.5.0 SP2

Microsoft Patch Cumulative Security Update for Internet Explorer 6
(KB832894)

http://www.microsoft.com/downloads/d...0C18BC-7F9A-4196-BFDE-29EBA8CF7A50&displaylang=en
Microsoft Internet Explorer 6.0.0

Microsoft Patch Cumulative Security Update for Internet Explorer 6
Service Pack 1 (KB832894)

http://www.microsoft.com/downloads/d...530968-B59A-47C0-90D3-0C884910BC97&displaylang=en
Microsoft Internet Explorer 6.0.0 SP1

Microsoft Patch Cumulative Security Update for Internet Explorer 6 SP1
64-bit Edition (KB832894)

http://www.microsoft.com/downloads/d...6EFFDA-8D86-4683-BC77-9BF410BC620D&displaylang=en
Microsoft Internet Explorer 6.0.0 SP1

Microsoft Patch Cumulative Security Update for Internet Explorer for
Windows Server 2003 (KB832894)

http://www.microsoft.com/downloads/d...8AE4F7-8852-4A04-B8F6-1DE327E598F0&displaylang=en
Microsoft Internet Explorer 6.0.0

Microsoft Patch Cumulative Security Update for Internet Explorer for
Windows Server 2003 64-bit Edition (KB832894)

http://www.microsoft.com/downloads/d...7894F0-789F-4152-9AE4-8DCB43404149&displaylang=en
Microsoft Internet Explorer 6.0.0

Credit
------
Discovery credited to Liu Die Yu.

References
----------
Web Page:Internet Explorer Vulnerability :: 1stCleanRc (Liu Die Yu) Liu
Die Yu

http://www.safecenter.net/UMBRELLAWE...nRc/index.html

Web Page:Microsoft Security Bulletin MS04-004 (Microsoft) Microsoft

http://www.microsoft.com/technet/tre...technet/security/bulletin/MS04-004.asp
---------------------------

will try it out [ that is when i get s0me FREE TIME ] ;) see yea :read:
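
A content check a proxy or mail gateway could run for the combination the advisory's Technical Description names (a sub-frame, navigation to a javascript: URI, and history.back()), given here as an added example that is not part of the original post or the advisory. The function names, regular expressions and both sample pages are constructed for illustration, and a match is a triage heuristic, not proof of exploitation.

```python
import re
from html.parser import HTMLParser

# A javascript: URI assigned or passed as a navigation target in script text.
JS_URI_NAV = re.compile(
    r"""(?:location(?:\.href)?\s*=|\.navigate\s*\(|\.open\s*\()\s*["']\s*javascript:""",
    re.I)
# history.back() or history.go(-n): stepping back through session history.
HISTORY_BACK = re.compile(r"history\s*\.\s*(?:back\s*\(|go\s*\(\s*-\d+)", re.I)
ALL_THREE = {"sub-frame", "javascript-uri-navigation", "history-back"}

class _Collector(HTMLParser):
    """Counts frame elements and gathers inline script bodies."""
    def __init__(self):
        super().__init__()
        self.frames, self.js_uri_frames, self.scripts = 0, 0, []
        self._in_script = False
    def handle_starttag(self, tag, attrs):
        if tag in ("frame", "iframe"):
            self.frames += 1
            src = (dict(attrs).get("src") or "").strip().lower()
            self.js_uri_frames += src.startswith("javascript:")
        elif tag == "script":
            self._in_script = True
            self.scripts.append("")
    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False
    def handle_data(self, data):
        if self._in_script:
            self.scripts[-1] += data

def indicators(html):
    """Return which of the three features from the advisory appear in a page."""
    c = _Collector()
    c.feed(html)
    c.close()
    code = "\n".join(c.scripts)
    found = set()
    if c.frames:
        found.add("sub-frame")
    if c.js_uri_frames or JS_URI_NAV.search(code):
        found.add("javascript-uri-navigation")
    if HISTORY_BACK.search(code):
        found.add("history-back")
    return found

def is_suspicious(html):
    """Flag a page only when all three features occur together."""
    return indicators(html) == ALL_THREE

# Constructed, inert sample pages (not taken from any real site or exploit).
BENIGN_PAGE = '<iframe src="https://example.test/help"></iframe><script>function goBack(){ history.back(); }</script>'
SUSPECT_PAGE = '<iframe name="f" src="https://example.test/"></iframe><script>frames["f"].location = "javascript:void(0)"; history.back();</script>'
```

Pages that use only one or two of the features, such as an ordinary "Back" button next to an embedded frame, are reported by `indicators` but not flagged by `is_suspicious`.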





03-02-2004, 02:45 PM
+panamaCANAL (offline)
Member
Member ID: 4003
Join date: Jan 2004
Posts: 8
Likes: 0
Received 0 likes on 0 posts
Received invitations to: 0 topics
    #2  
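A very dangerous vulnerability.... Guys, for your own good, download the fix for this vulnerability from Microsoft, that is, the patch file.

It is a vulnerability that lets any intruder give you a page, and from that page the patch gets downloaded and runs on your machine \\ I think you have realized the danger of it.

Of course, this vulnerability is specific to Internet Explorer.

Thank you, brother Gala, for these vulnerabilities, which are new and dangerous at the same time.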

bye;)
