cryptoanarchy.wiki

Arise, you have nothing to lose but your barbed wire fences!

1996-08-22 - RISKS: Microsoft Explorer security hole

Header Data

From: stevenw@best.com (Steven Weller)
To: cypherpunks@toad.com
Message Hash: c6454e7a32984619ea452df25397aa772d2be76f505ccd59348d3c4475db432b
Message ID: <v01540b00ae41586b4b42@[206.86.1.35]>
Reply To: N/A
UTC Datetime: 1996-08-22 03:35:05 UTC
Raw Date: Thu, 22 Aug 1996 11:35:05 +0800

Raw message

From: stevenw@best.com (Steven Weller)
Date: Thu, 22 Aug 1996 11:35:05 +0800
To: cypherpunks@toad.com
Subject: RISKS: Microsoft Explorer security hole
Message-ID: <v01540b00ae41586b4b42@[206.86.1.35]>
MIME-Version: 1.0
Content-Type: text/plain


----------------------------------------------------------------------

Date: Wed, 21 Aug 1996 13:12:59 -0400
From: felten@CS.Princeton.EDU (Ed Felten)
Subject: Internet Explorer Security Problem

We have discovered a security flaw in the current version (3.0) of
Microsoft's Internet Explorer browser running under Windows 95.  An attacker
could exploit the flaw to run any DOS command on the machine of an Explorer
user who visits the attacker's page.  For example, the attacker could read,
modify, or delete the victim's files, or insert a virus or backdoor entrance
into the victim's machine.  We have verified our discovery by creating a Web
page that deletes a file on the machine of any Explorer user who visits the
page.

The core of the attack is a technique for delivering a document to the
victim's browser while bypassing the security checks that would normally be
applied to the document.  If the document is, for example, a Microsoft Word
template, it could contain a macro that executes any DOS command.

Normally, before Explorer downloads a dangerous file like a Word document,
it displays a dialog box warning that the file might contain a virus or
other dangerous content, and asking the user whether to abort the download
or to proceed with the download anyway.  This gives the user a chance to
avoid the risk of a malicious document.  However, our technique allows an
attacker to deliver a document without triggering the dialog box.

Microsoft has been notified and they are working on fixing the problem.
Until a remedy is widely available, we will not disclose further details
about the flaw.

For more information, contact Ed Felten at felten@cs.princeton.edu or
609-258-5906.

Dirk Balfanz and Ed Felten
Dept. of Computer Science, Princeton University
http://www.cs.princeton.edu/sip/

------------------------------

-------------------------------------------------------------------------
Steven Weller                      |  Technology (n):
                                   |
                                   |     A substitute for adulthood.
stevenw@best.com                   |     Popular with middle-aged men.

Thread