Microsoft IE Web Folder Cross-Domain Code Execution

2005-08-09T16:09:00
ID OSVDB:18611
Type osvdb
Reporter OSVDB
Modified 2005-08-09T16:09:00

Description

Vulnerability Description

Windows contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when browsing from a Web page to a Web folder using WebDAV, and URLs are not properly validated by the Internet Explorer cross-domain security model, allowing an attacker to execute arbitrary code. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, Microsoft has released a patch to address this vulnerability.

Short Description

Windows contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when browsing from a Web page to a Web folder using WebDAV, and URLs are not properly validated by the Internet Explorer cross-domain security model, allowing an attacker to execute arbitrary code. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.

References:

Security Tracker: 1014641 Secunia Advisory ID:16373 Related OSVDB ID: 18610 Related OSVDB ID: 18612 Other Advisory URL: http://www.us-cert.gov/cas/techalerts/TA05-221A.html Microsoft Security Bulletin: MS05-038 Microsoft Knowledge Base Article: 896727 ISS X-Force ID: 21702 Generic Informational URL: http://www.eweek.com/article2/0,1895,1846283,00.asp CVE-2005-1989 Bugtraq ID: 14512