From: Ben Holiday <ncognito@gate.net>
To: cypherpunks@toad.com
Message Hash: eb0897b512cedcd5cb9ab1efd990de012c41f9d44e02dffcdbab22309a448171
Message ID: <Pine.A32.3.93.960826001930.31882A-100000@seminole.gate.net>
Reply To: N/A
UTC Datetime: 1996-08-27 00:58:42 UTC
Raw Date: Tue, 27 Aug 1996 08:58:42 +0800
From: Ben Holiday <ncognito@gate.net>
Date: Tue, 27 Aug 1996 08:58:42 +0800
To: cypherpunks@toad.com
Subject: Microsoft Explorer security hole (fwd)
Message-ID: <Pine.A32.3.93.960826001930.31882A-100000@seminole.gate.net>
MIME-Version: 1.0
Content-Type: text/plain
---------- Forwarded message ----------
Date: Mon, 26 Aug 1996 01:35:07 GMT
Subject: Microsoft Explorer security hole (fwd)
On Sun, 25 Aug 1996 13:55:30 -0600 (MDT), Carl Nation
<carl@iserver.com> wrote:
To our Resellers/Customers,
Our sysadmin received this security alert, and we thought we should
pass it along...
------- Forwarded Message
Date: Wed, 21 Aug 1996 13:12:59 -0400
From: felten@CS.Princeton.EDU (Ed Felten)
Subject: Internet Explorer Security Problem
We have discovered a security flaw in the current version (3.0) of
Microsoft's Internet Explorer browser running under Windows 95. An
attacker could exploit the flaw to run any DOS command on the machine of
an Explorer user who visits the attacker's page. For example, the
attacker could read, modify, or delete the victim's files, or insert a
virus or backdoor entrance into the victim's machine. We have verified
our discovery by creating a Web page that deletes a file on the machine of
any Explorer user who visits the page.
The core of the attack is a technique for delivering a document to the
victim's browser while bypassing the security checks that would
normally be applied to the document. If the document is, for example, a
Microsoft Word template, it could contain a macro that executes any DOS
command.
Normally, before Explorer downloads a dangerous file like a Word
document, it displays a dialog box warning that the file might contain a
virus or other dangerous content, and asking the user whether to abort the
download or to proceed with the download anyway. This gives the user a
chance to avoid the risk of a malicious document. However, our technique
allows an attacker to deliver a document without triggering the dialog
box.
Microsoft has been notified and they are working on fixing the
problem. Until a remedy is widely available, we will not disclose further
details about the flaw.
For more information, contact Ed Felten at felten@cs.princeton.edu or
609-258-5906.
Dirk Balfanz and Ed Felten
Dept. of Computer Science, Princeton University
http://www.cs.princeton.edu/sip/
------- End of Forwarded Message
Return to August 1996
Return to “ichudov@algebra.com (Igor Chudov @ home)”