
Microsoft Internet Explorer 5 Zone Spoofing Vulnerability

Date: 01 Jul 2014 00:00:00
Reported by: Root
Type: seebug
Source: www.seebug.org

Microsoft Internet Explorer 5 Zone Spoofing Vulnerability allows websites to be viewed in Local Intranet Zone, bypassing security settings

Code

source: http://www.securityfocus.com/bid/3420/info

Microsoft Internet Explorer contains a security-setting feature that can be modified according to a user's preferences. These settings control what actions a web site can take on a user's system.

A vulnerability exists in Internet Explorer that could allow a web site to be viewed in the Local Intranet Zone rather than the Internet Zone, so its content is handled with less-restrictive security settings.

Converting the IP address of the target web site into a dotless IP address, and submitting it, will cause Internet Explorer to view the web site in the Local Intranet zone.

* Microsoft Security Bulletin MS01-055 states that there is a new variant of this issue, although no technical details have been provided. A cumulative patch has been released and IE 5.5 users are encouraged to install it. 

Example:

A site that uses basic authentication allows a username (and/or
password) to be passed in the URL, like this:

http://[email protected]

Another possibility is to convert an IP address into a dotless IP address;
such an address is also called a DWORD address (some proxy servers, routers
or web servers do not allow this).

http://msdn.microsoft.com - IP: 207.46.239.122

Convert this IP address to a DWORD address:

207 * 16777216 = 3472883712
46 * 65536 = 3014656
239 * 256 = 61184
122 * 1 = 122
------------------------------------------------ +
= 3475959674

This DWORD address can be used to visit the site like:

http://3475959674

If we combine the URL login option with the DWORD IP address we'll get the
following URL:

http://mike@3475959674

The browser still thinks we are in the internet zone as expected.

Now we change the @ sign to its percent-encoded ASCII equivalent (%40):


------------------------
http://mike%403475959674
------------------------ 
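
Added example, not part of the original advisory: a defender-side canonicalizer that reduces each URL form shown above to the host actually contacted before any zone or allowlist decision is made. The function names, the flag labels and the "dot-free DNS name means intranet" policy are assumptions made for illustration.

```python
import ipaddress
from urllib.parse import unquote, urlsplit


def dword_to_ip(value: int) -> ipaddress.IPv4Address:
    """Turn a dotless (DWORD) address back into an IPv4 address object."""
    return ipaddress.IPv4Address(value)


def canonicalize(url: str) -> dict:
    """Reduce a URL's authority to the host that is actually contacted.

    Returns the canonical host, a coarse zone label, and the list of
    obfuscation features seen. IPv6 literals are out of scope here.
    """
    raw = urlsplit(url).netloc
    flags = []
    if "%40" in raw:
        flags.append("encoded-at")            # '@' hidden as %40
    decoded = unquote(raw)                    # undo percent-encoding first
    userinfo, at, hostport = decoded.rpartition("@")
    if at:
        flags.append("userinfo")              # text before '@' is not the host
    host = hostport.partition(":")[0].lower()

    if host.isascii() and host.isdigit() and int(host) <= 0xFFFFFFFF:
        flags.append("dword-host")
        ip = dword_to_ip(int(host))
    else:
        try:
            ip = ipaddress.IPv4Address(host)
        except ValueError:
            ip = None                         # a DNS name, not an IP literal

    if ip is not None:
        # Zone follows the address itself, never the spelling of the literal.
        zone = "intranet" if ip.is_private else "internet"
        host = str(ip)
    else:
        # Assumed policy: only dot-free DNS names count as intranet names.
        zone = "intranet" if "." not in host else "internet"
    return {"host": host, "zone": zone, "flags": flags}


# URL forms taken from the page, plus one constructed intranet-style name.
SAMPLES = ["http://3475959674", "http://mike@3475959674",
           "http://mike%403475959674", "http://fileserver"]

if __name__ == "__main__":
    for u in SAMPLES:
        print(u, "->", canonicalize(u))
```

The recorded flags can also be logged at a proxy to surface URLs that combine a numeric host with an encoded userinfo separator.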
                              
