Zero Day

Ryan Naraine and Dancho Danchev

Get Zero Day via:: Mobile; RSS; Email Alerts
Bios:: Ryan’s Bio; Dancho’s Bio

October 10th, 2007

MS Outlook flaw adds new twist to URI handling saga

Posted by Ryan Naraine @ 10:25 am

Categories: Botnets, Browsers, Data theft, Exploit code, Firefox, Google, Hackers, Metasploit, Microsoft, Mozilla, Open source, Passwords, Patch Watch, Pen testing, Responsible disclosure, Spyware and Adware, Viruses and Worms, Vulnerability research, Zero-day attacks

Tags: Microsoft Internet Explorer, Microsoft Corp., Flaw, MS Outlook Flaw, Microsoft Windows, Microsoft Outlook, Web Browsers, Groupware, Microsoft Office, Security

MS Outlook flaw adds new twist to URI handling saga For months, Microsoft has taken a firm hands-off approach to the URI protocol handling vulnerability saga, shrugging off suggestions that there’s a flaw in Windows that needs to be fixed.

Now comes word that two Microsoft products — Outlook Express 6 and Outlook 2000 — have joined the growing list of Windows applications that can be used as attack vectors.

According to Secunia’s chief technology officer Thomas Kristensen, proof-of-concept code demonstrating the Outlook issue has been sent to Microsoft to prove that this is indeed a Windows vulnerability that’s caused by a design change in Internet Explorer 7.

[ SEE: How to configure Internet Explorer to run securely ]

“Microsoft is now affected by [its] own design change,” Kristensen said in an e-mail exchange.” We hope that Microsoft now chooses the right path and creates a general fix for Windows [or] IE7 rather than start patching all their own applications and ask third party vendors to do the same,” he added.

A spokesman for Redmond’s security response team said the company is aware of what is described as “a potential issue in the way that Windows handles URLs passed in from other applications.

He also dropped a strong hint that this is something that might require a comprehensive Windows fix.

“Microsoft is continuing its investigation into this issue. Once we’re done investigating, we will take appropriate action to help protect customers. This may include providing an update or additional guidance for customers.”

[UPDATE: The company has issued a formal security advisory with more information on the risks. The advisory does not include any pre-patch workarounds. ]

That’s a far cry from this statement from Microsoft in July:

Microsoft has thoroughly investigated the claim of a vulnerability in Internet Explorer and found that this is not a vulnerability in a Microsoft product.

An updated advisory from Secunia lists the following applications as attack vectors on fully patched Windows XP SP2 and Windows Server 2003 SP2 systems (with IE 7 installed):

Firefox version 2.0.0.5
Netscape Navigator version 9.0b2
mIRC version 6.3
Adobe Reader/Acrobat version 8.1 and prior (when opening PDF files)
Outlook Express 6 (e.g. when following specially crafted links in VCards)
Outlook 2000 (e.g. when following specially crafted links in VCards)

ALSO SEE:

Command injection flaw found in IE: Or is it Firefox?

IE-to-Firefox flaw debate rages: Ex-Microsoft security strategist weighs in

Mozilla caught napping on URL protocol handling flaw

Mozilla fixes its end of URL protocol handling saga

Adobe confirms PDF backdoor

Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.

Email Ryan Naraine

For daily updates on Ryan's activities, follow him on Twitter.

Subscribe to Zero Day via Email alerts or RSS.

Talkback
Most Recent of 40 Talkback(s)

Thread View
Flat View

RE: Some people should never be given the microphone...: as words spoken "under the shade trees 'round the Microsoft watering hole" do poison the well when it turns out 'someone' (policy?) valued rebuttal higher than due diligence and reality-based response... Having failed the old "smell test", that 'taint' will linger on in olfactory memories...... (Read the rest); Posted by: flared0ne Posted on: 11/08/07 You are currently: a Guest | Log in | Terms of Use

Firefox Folks this is fixed in current verion 2.0.0.7 D. T. Schmitz | 10/10/07

BS -- it's a FireFox bug. Yagotta B. Kidding | 10/10/07

Wow! Cardinal_Bill | 10/10/07

Merde. Au contraire... D. T. Schmitz | 10/10/07

I asked George and No Axe TripleII | 10/10/07

We Know The Outcome grin

TheBoyBailey | 10/11/07

The logical solution... Resuna | 10/11/07

BS -- it's a Safari bug . Intellihence | 10/11/07

It's a Windows bug. Resuna | 10/23/07

Yeah, but that's M$ that investigated... kamahl928 | 10/11/07

RE: MS Outlook flaw adds new twist to URI handling saga jeff92677 | 10/10/07

How long will people put up with this kind of thing? Resuna | 10/10/07

Until Windows is no longer "free" TripleII | 10/10/07

Microsoft's always made Windows "free" one way or another. Resuna | 10/11/07

RE: MS Outlook flaw adds new twist to URI handling saga Red Elk | 10/10/07

FireFox with NoScript Chad_z | 10/10/07

A freak show, really? Confused by religion | 10/10/07

Really? middle of nowhere | 10/10/07

Doh! Oh here we go with the Apple products... D. T. Schmitz | 10/10/07

Iiiiiiiiiiiiiiiiiiiii....think NOT Milly!!! D. T. Schmitz | 10/10/07

Any idiot, including Linux and Mac users... Confused by religion | 10/11/07

Milly try sticking to the subject . Intellihence | 10/11/07

Ahhh... Cardinal_Bill | 10/11/07

Every OS has holes in it. rtk | 10/11/07

Her... Cardinal_Bill | 10/11/07

It's not so much that it *has* holes kamahl928 | 10/11/07

And what OS hkommedal | 10/11/07

Thanks... Cardinal_Bill | 10/10/07

In that case you must be doing what I do... BanjoPaterson | 10/11/07

No, I run a secure network that has not has any virus or intrusions... Confused by religion | 10/11/07

"old broad"? "windows wimp"? BanjoPaterson | 10/11/07

You obviously don't know what you're talking about MacCanuck | 10/11/07

Thank you for enlightening me happy

BanjoPaterson | 10/11/07

I agree buddy balaknair | 10/11/07

the non-MS OS fanboys don't know how to secure a Windows box Ole Man | 10/11/07

SuperFreak SuperFreak....Yaooowww D. T. Schmitz | 10/10/07

Ooops, I did it again Kid Icarus-21097050858087920245213802267493 | 10/12/07

Applications which pass un-validated URIs or URLs to Windows can be leverag PhilippeV | 10/26/07

That's the wrong approach. It's the API that needs to be changed. Resuna | 10/29/07

RE: Some people should never be given the microphone... flared0ne | 11/08/07

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Why Isn't Server Virtualization Saving Us More? A Few Small Changes May Dramatically Increase Your Efficiency VMware Companies have rapidly adopted server virtualization over the past few ... Download Now
The True Costs of Virtual Server Solutions VMware In an economic environment that is repeatedly heralding the message "do ... Download Now
VMware Infrastructure: A Guide to Bottom-Line Benefits VMware Frustrated by the costs of maintain ever larger data centers?or building ... Download Now

Blogs From Our Sponsors

Top Rated

Facebook password-reset spam is Bredolab botnet attack+46 votes
Thousands of web sites compromised, redirect to scareware+43 votes
Microsoft confirms 'detailed' Windows 7 exploit+43 votes
Firefox hit by multiple drive-by download flaws+41 votes
Which antivirus is best at removing malware?+39 votes
iHacked: jailbroken iPhones compromised, $5 ransom demanded+32 votes
New LoroBot ransomware encrypts files, demands $100 for decryption+28 votes
Mac OS X mega patch covers 58 security vulnerabilities+26 votes

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

Favorite Links

ZDNet Blogs

White Papers, Webcasts, and Downloads

Virtualization: Architectural Considerations And Other Evaluation Criteria VMware Of the many approaches to x86 systems virtualization available in the ... Download Now
Three Steps You Need to Know to Stop Data Loss Varonis Sensitive data exposed to misuse or loss... it is the stuff of nightmares ... Download Now
The Impact of Virtualization Software on Operating Environments VMware Today's use of virtualization technology allows IT professionals to ... Download Now

Meet Doc

Here to help you with your Document Management Needs
Check out Doc’s Blog on ZDNet
Help your company, help the earth I want to share with you the Environmental Defense Fund Paper Calculator, which allows you to gauge your organization's environmental impact.
Which is Greener: Paper or Digital? The Answer May Surprise You Anything we can do to reduce paper consumption is good. But what about the impact of digital waste?
Produced by
ZDNet and

Zero Day

Ryan Naraine and Dancho Danchev

October 10th, 2007

MS Outlook flaw adds new twist to URI handling saga

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Recent Entries

Blogs From Our Sponsors

Top Rated

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

Archives

Favorite Links

41

ZDNet Blogs

White Papers, Webcasts, and Downloads

Meet Doc

Blogs

Product Reviews

Videos

White Papers and Webcasts

Downloads

More

ZDNet News & Blogs

Product Reviews

Product Blogs

White Papers & Webcasts

Downloads

Zero Day

Ryan Naraine and Dancho Danchev

October 10th, 2007

MS Outlook flaw adds new twist to URI handling saga

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Recent Entries

Blogs From Our Sponsors

Top Rated

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

Keep up with ZDNet

Archives

Favorite Links

41

ZDNet Blogs

White Papers, Webcasts, and Downloads

Meet Doc

Blogs

Product Reviews

Videos

White Papers and Webcasts

Downloads

More

ZDNet News & Blogs

Product Reviews

Product Blogs

White Papers & Webcasts

Downloads