
June 26th, 2008

Zero-day flaw haunts Internet Explorer

Posted by Ryan Naraine @ 4:02 am

Categories: Arbitrary Code Execution, Botnets, Browsers, Exploit code, Microsoft, Vulnerability research, Windows Vista, Zero-day attacks

Tags: Microsoft Internet Explorer, Zero-day Bug, Web Browsers, Internet, Ryan Naraine

An unpatched cross-domain vulnerability in Microsoft’s flagship Internet Explorer browser could expose Windows users to cookie hijacks and credentials theft attacks, according to a warning from security researchers.

The zero-day flaw, which has been reported to Microsoft, is a variation of Eduardo Vela’s IE Ghost Busters talk:

Do you believe in ghosts? Imagine an invisible script that silently follows you while you surf, even after changing the URL 1,000 times and you are feeling completely safe. Now imagine that the ghost is able to see everything you do, including what you are surfing and what you are typing (passwords included), and even guess your next move.

No downloading required, no user confirmation, no ActiveX. In other words: no strings attached. We will examine the power of a resident script and the power of a global cross-domain. Also, we will go through the steps of how to find cross-domains and resident scripts.

Details of the new variation have been posted online by the Ph4nt0m Security Team (translation here).

It affects Internet Explorer 6 on Windows XP SP2 and SP3. The new IE 7 browser is not affected because Microsoft changed the way JavaScript protocol URLs are handled to prevent these types of attacks.

Security researcher Aviv Raff has created a test page that confirms the attack vector in IE 6. This screenshot shows a script loaded in one domain (raffon.net) showing a cookie of a different domain (google.com):

[Screenshot of the test page]

In the absence of a patch, IE users are strongly encouraged to upgrade to IE 7.  Or, as always, consider using an alternative browser.
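Acting on the upgrade advice starts with knowing which clients still browse with the affected configuration. The following is an added example, not part of the original article: it scans web or proxy access logs (combined log format assumed) for Internet Explorer 6 on Windows XP user agents. The log lines, addresses and function names are constructed for illustration.

```python
import re

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
10.0.0.11 - - [26/Jun/2008:09:14:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
10.0.0.12 - - [26/Jun/2008:09:14:05 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)"
10.0.0.13 - - [26/Jun/2008:09:14:09 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; en) Opera 9.50"
10.0.0.14 - - [26/Jun/2008:09:15:11 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9) Gecko/2008052906 Firefox/3.0"
10.0.0.15 - - [26/Jun/2008:09:15:40 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)"
10.0.0.16 - - [26/Jun/2008:09:16:02 +0000] "GET / HTTP/1.1" 200 512 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"
10.0.0.11 - - [26/Jun/2008:09:17:30 +0000] "GET /a HTTP/1.1" 200 128 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
"""

# Client address is the first field; the User-Agent is the last quoted field.
LINE = re.compile(r'^(\S+) .*"([^"]*)"\s*$')
MSIE = re.compile(r'\bMSIE (\d+)\.')


def classify(user_agent):
    """Return 'affected', 'ie-other' or 'other' for one User-Agent string."""
    # Opera could identify itself as MSIE 6.0; it is not Internet Explorer.
    if "Opera" in user_agent:
        return "other"
    m = MSIE.search(user_agent)
    if not m:
        return "other"
    # The article lists IE 6 on Windows XP SP2/SP3 as affected. The service
    # pack level is not reliably visible in the User-Agent, so every IE 6 on
    # Windows NT 5.1 (XP) is flagged for follow-up.
    if int(m.group(1)) == 6 and "Windows NT 5.1" in user_agent:
        return "affected"
    return "ie-other"


def affected_clients(log_text):
    """Return the sorted, de-duplicated client addresses seen with IE 6 on XP."""
    hits = set()
    for line in log_text.splitlines():
        m = LINE.match(line)
        if m and classify(m.group(2)) == "affected":
            hits.add(m.group(1))
    return sorted(hits)


if __name__ == "__main__":
    for addr in affected_clients(SAMPLE_LOG):
        print("upgrade candidate:", addr)
```

User-Agent strings are client-supplied, so treat the result as an inventory lead to confirm on the host rather than as proof of the installed browser version.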

UPDATE: An alert from US-CERT spells out the risks:

This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary script in the context of another domain. This could allow an attacker to take a variety of actions, including stealing cookies, hijacking a web session, or stealing authentication credentials.

Secunia rates this a moderately critical issue.

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.

