Microsoft IE/Outlook CODEBASE PopUp Object Remote Execution

2002-01-10T00:00:00
ID OSVDB:3052
Type osvdb
Reporter OSVDB
Modified 2002-01-10T00:00:00

Description

Vulnerability Description

Microsoft Internet Explorer could allow a remote attacker to execute arbitrary programs on a vulnerable system. The flaw exists because IE allows HTML to be inserted dynamically into an existing element through DOM properties and methods such as "innerHTML", "outerHTML" and "insertAdjacentHTML", and this behaviour can be abused through functions such as window.PopUp() and window.Open(). Using these methods and others, an attacker can execute arbitrary commands on the remote system.

Solution Description

Upgrade to Internet Explorer 6.0 SP1 or later, which has been reported to fix this vulnerability. Users of earlier versions can instead install the patch provided by Microsoft. NOTE: this patch addresses only part of the underlying issue. It is also recommended that users change the MIME type "application/hta" to something else.

References:

Other Advisory URL: http://web.archive.org/web/20030109035953/http://home.austin.rr.com/wiredgoddess/thepull/advisory4.html
Microsoft Security Bulletin: MS02-015
Microsoft Security Bulletin: MS03-004
Microsoft Knowledge Base Article: 328548
ISS X-Force ID: 11411
ISS X-Force ID: 7941
Generic Informational URL: http://online.securityfocus.com/archive/1/66869
Generic Informational URL: http://security.greymagic.com/adv/gm001-ie/
Generic Informational URL: http://www.guninski.com/parsedat-desc.html
CVE: CVE-2002-0077
CIAC Advisory: m-063
CERT VU: 626395
Bugtraq ID: 6923
Bugtraq ID: 3867