Yet another information disclosure vulnerability in Internet Explorer.
The dust from IE Aurora had not even settled in our minds, and yet another critical vulnerability in IE has emerged with a bang!
Jorge Luis Alvarez Medina, a security consultant from CORE Security Technologies, discussed a vulnerability at the Black Hat DC 10 conference. His presentation demonstrated proof-of-concept code that exploits this vulnerability and allows an attacker to access any file on the victim's machine.
Medina chained the “Bypassing URL security Zone feature” attack with browser file sharing protocol attacks and showed how easy it is to read a file from a known location.
Medina further said that these vulnerabilities are weak Internet Explorer features that leave an open door for different kinds of attacks.
Microsoft has acknowledged the vulnerability and issued a security advisory.
Microsoft has also confirmed that the Restricted sites zone helps mitigate attacks that try to exploit this vulnerability by preventing Active Scripting and ActiveX controls from being used when reading HTML e-mail messages. However, if a user clicks a link in an e-mail message, the user could still be vulnerable to exploitation through the Web-based attack scenario.
According to the advisory, Protected Mode in Internet Explorer on Windows Vista and later limits the impact of the vulnerability, while risk is highest for IE users who run Windows XP or who have disabled the browser's Protected Mode feature.
The Core Security group has released a white paper on “Abusing insecure features of IE”, which demonstrates the internals of the exploitation process.
References:
- Microsoft Security Advisory 980088
- Internet Explorer turns your personal computer into a public file server
- Internet Explorer URL Zone Security Bypass
- Download White Paper from Core Security Group
