NSFOCUS (Green Alliance): Analysis of the Online Banking Security Controls Remote Code Execution Vulnerability, V1.2


On May 11, the NSFOCUS Threat Response Center noted the WooYun announcement that ICBC's security controls can lead to a remote arbitrary code execution vulnerability (Tick-2015-96339). Because Internet finance currently has many security issues, and because the vulnerability also relates to the Alipay security controls and so has a large potential impact, the center rapidly launched emergency response work.

#### Background information

The problem originated in a WooYun platform briefing on security issues in ICBC's online banking controls [WooYun, http://wooyun.org/bugs/wooyun-2010-096339]. The briefing noted that the bank's online banking controls lower the security configuration of the online banking user's computer; the configuration in question is in the IE browser. When a PC with this lowered configuration visits a site that is normally trusted, it will execute any command the trusted site requests. If attackers exploit the vulnerability, they can easily construct a cross-site attack that executes arbitrary code on the user's computer.
#### The degree of harm

Colloquially, this problem can be understood as a "loophole amplifier": by itself it may not cause particularly serious harm, but combined with other vulnerabilities it amplifies the damage they cause. The foreseeable hazards are the following:

• The vulnerability involves the online banking login page and may also involve other commonly trusted websites such as Taobao and Alipay. Ordinary users are more likely to be attacked, the scope is wide, and the hazard is relatively large.
• For compatibility and usability reasons, online banking software might lower the IE security settings, and the incorrect settings this introduces may exist at a number of banks.
• The vulnerability arises because the banking control's incorrect setting allows trusted sites being browsed to execute arbitrary code without any prompt, which raises the threat level of cross-site attacks and leaves users more susceptible to harm.
• [XSS](<http://www.myhack58.com/Article/html/3/7/Article_007_1.htm>) cross-site attacks spread easily by nature; combined with other vulnerabilities in a chained attack, they further expand the scope of the impact.

#### The analysis step

Detection method

To effectively address this vulnerability, users are advised to use the following method as soon as possible to check whether they are affected.

Check the IE browser security settings

• Start the IE browser, then find and click "Tools" menu - "Internet Options"
• In the dialog box that appears, click the Security tab
• In the first pane, click the "Trusted sites" icon

![](/Article/UploadPic/2015-5/2015514141216137.png)

Check the Trusted sites zone security level

After selecting this option, if the security level in the red box is "medium", the online banking controls in use do not have this kind of problem. The following figure shows a sample of the secure state.

![](/Article/UploadPic/2015-5/2015514141216137.png)

![](/Article/UploadPic/2015-5/2015514141216166.png)

After selecting this option, if the security level in the red box is "custom", take the following steps to determine further whether the problem exists:

• Click the "Custom Level" button
• In the dialog box that pops up, look at the item "Initialize and script ActiveX controls not marked as safe for scripting"
• If the selection is "Enable", the corresponding problem is present
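The same check can be made without the dialog boxes by reading the registry values behind them. The PowerShell script below is an added example, not part of the original advisory; it assumes the standard Internet Settings registry layout (Trusted sites is zone 2, `CurrentLevel` holds the security level, and action `1201` is "Initialize and script ActiveX controls not marked as safe for scripting", where 0 means Enable) and only reads values.

```powershell
# Added example: read-only check of the IE "Trusted sites" zone (zone 2 in the registry).
# Action 1201 = "Initialize and script ActiveX controls not marked as safe for scripting".
$zoneKey = 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2'
$polKey  = 'Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2'
$locations = [ordered]@{
    'User setting'    = "HKCU:\$zoneKey"
    'Machine setting' = "HKLM:\$zoneKey"
    'User policy'     = "HKCU:\$polKey"
    'Machine policy'  = "HKLM:\$polKey"
}

function Get-LevelName($Level) {
    if ($null -eq $Level) { return 'Not set here' }
    switch ([int]$Level) {
        0       { 'Custom' }
        0x10000 { 'Low' }
        0x10500 { 'Medium-low' }
        0x11000 { 'Medium' }
        0x11500 { 'Medium-high' }
        0x12000 { 'High' }
        default { 'Unknown (0x{0:X})' -f $Level }
    }
}

function Get-ActionName($Value) {
    if ($null -eq $Value) { return 'Not set here' }
    switch ([int]$Value) {
        0 { 'Enable' }
        1 { 'Prompt' }
        3 { 'Disable' }
        default { "Other ($Value)" }
    }
}

$results = foreach ($name in $locations.Keys) {
    $path = $locations[$name]
    if (-not (Test-Path -LiteralPath $path)) { continue }   # key absent in this hive
    $props = Get-ItemProperty -LiteralPath $path
    [pscustomobject]@{
        Location      = $name
        SecurityLevel = Get-LevelName $props.CurrentLevel
        UnsafeActiveX = Get-ActionName $props.'1201'
        Affected      = ($props.'1201' -eq 0)   # Enable = runs without any prompt
    }
}
$results | Format-Table -AutoSize
if ($results | Where-Object Affected) {
    Write-Warning 'Trusted sites enables unsafe ActiveX scripting (action 1201 = Enable).'
}
```

A row with `SecurityLevel` of Custom and `UnsafeActiveX` of Enable corresponds to the affected state described in the manual steps above.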