Microsoft Security Bulletin MS03-020: Cumulative Patch for Internet Explorer (818529)

2003-06-05T00:00:00
ID SECURITYVULNS:DOC:4644
Type securityvulns
Reporter Securityvulns
Modified 2003-06-05T00:00:00

Description

-----BEGIN PGP SIGNED MESSAGE-----


Title: Cumulative Patch for Internet Explorer (818529) Date: 04 June 2003 Software: Microsoft(r) Microsoft Internet Explorer(r) 5.01 Microsoft Internet Explorer 5.5 Microsoft Internet Explorer 6.0 Microsoft Internet Explorer 6.0 for Windows Server 2003 Impact: Allow an attacker to execute code of their choice Max Risk: Critical Bulletin: MS03-020

Microsoft encourages customers to review the Security Bulletins at: http://www.microsoft.com/technet/security/bulletin/MS03-020.asp http://www.microsoft.com/security/security_bulletins/ms03-020.asp


Issue:

This is a cumulative patch that includes the functionality of all previously released patches for Internet Explorer 5.01, 5.5 and 6.0. In addition, it eliminates two newly discovered vulnerabilities:

  • A buffer overrun vulnerability that occurs because Internet Explorer does not properly determine an object type returned from a web server. It could be possible for an attacker who exploited this vulnerability to run arbitrary code on a user's system. If a user visited an attacker's website, it would be possible for the attacker to exploit this vulnerability without any other user action. An attacker could also craft an HTML email that attempted to exploit this vulnerability.

  • A flaw that results because Internet Explorer does not implement an appropriate block on a file download dialog box. It could be possible for an attacker to exploit this vulnerability to run arbitrary code on a user's system. If a user simply visited an attacker's website, it would be possible for the attacker to exploit this vulnerability without any other user action. An attacker could also craft an HTML email that attempted to exploit this vulnerability.

In order to exploit these flaws, the attacker would have to create a specially formed HTML email and send it to the user. Alternatively an attacker would have to host a malicious web site that contained a web page designed to exploit these vulnerabilities. The attacker would then have to persuade a user to visit that site.

As with the previous Internet Explorer cumulative patches released with bulletins MS03-004 and MS03-015, this cumulative patch will cause window.showHelp( ) to cease to function if you have not applied the HTML Help update. If you have installed the updated HTML Help control from Knowledge Base article 811630, you will still be able to use HTML Help functionality after applying this patch.

Mitigating factors:

The following mitigating factors apply to both vulnerabilities discussed in this bulletin:

  • By default, Internet Explorer on Windows Server 2003 runs in Enhanced Security Configuration. This default configuration of Internet Explorer blocks these attacks. If Internet Explorer Enhanced Security Configuration has been disabled, the protections put in place that prevent these vulnerabilities from being exploited would be removed.
  • In the Web based attack scenario, the attacker would have to host a web site that contained a web page used to exploit these vulnerabilities. An attacker would have no way to force users to visit a malicious web site outside of the HTML email vector. Instead, the attacker would need to lure them there, typically by getting them to click on a link that would take them to the attacker's site.
  • Code that executed on the system would only run under the privileges of the logged in user.

Risk Rating:

Critical

Patch Availability:

  • A patch is available to fix this vulnerability. Please read the Security Bulletins at

http://www.microsoft.com/technet/security/bulletin/ms03-020.asp http://www.microsoft.com/security/security_bulletins/ms03-020.asp

for information on obtaining this patch.

Acknowledgment:

  • eEye Digital Security (http://www.eeye.com/)

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.

-----BEGIN PGP SIGNATURE----- Version: PGP 7.1

iQEVAwUBPt4h7I0ZSRQxA/UrAQGN8Qf+Pw+jcDSFRSRkTKrDpDukp1UDXx/zH0gZ KwqcKa+cxjmkU6oo9ZiUTB+aTy4px/LWJPstri0CICgD8poVLeqGLRwLpUzpwWOP EBRuN1Y5IgDV2J6HmvLBNg8E1CpwMii2LIdo07w6xkGtBPOcxhn9S884jlBw1CQE mNQjTCiGBZWunsUVCeQiaJnV+7fH5BHRFPu3qi3PvQxNCgXvziCBgyTxf33u7U1K XFW7bZKDcKYhKJ385qmvbs2yV+rDv5s4b3SlemIxnH6VdoUUKhRuWoMcia9dqFLh 5sovuW2MjxprNUrzA0A8Tm1GCnAHQM/M2c35ML18wGh15SJr2c5Y8A== =DxHQ -----END PGP SIGNATURE-----


You have received this e-mail bulletin because of your subscription to the Microsoft Product Security Notification Service. For more information on this service, please visit http://www.microsoft.com/technet/security/notify.asp.

To verify the digital signature on this bulletin, please download our PGP key at http://www.microsoft.com/technet/security/notify.asp.

To unsubscribe from the Microsoft Security Notification Service, please visit the Microsoft Profile Center at http://register.microsoft.com/regsys/pic.asp

If you do not wish to use Microsoft Passport, you can unsubscribe from the Microsoft Security Notification Service via email as described below: Reply to this message with the word UNSUBSCRIBE in the Subject line.

For security-related information about Microsoft products, please visit the Microsoft Security Advisor web site at http://www.microsoft.com/security.