Microsoft identifies flotilla of security holes

By Matt Whipp

Posted on 24 Apr 2003 at 16:00

Microsoft has made patches available to cover critical vulnerabilities discovered in IE and Outlook Express.

First up, for Outlook Express, there exists a flaw in the processes used to render HTML in emails. An email could be constructed that contained a URL which, if clicked on, would access a file stored on the local machine. That file would be assumed to be HTML and opened. If it contained a script, it would be executed, and run with local privileges.

The flaw is rated as critical and affects Outlook Express 5.5 and 6.0.

For Internet Explorer, four vulnerabilities have been identified. A buffer overrun exists in URLMON.DLL, where parameters of data received from a Web server are not checked properly. A successful exploit could result in code being run on the targeted machine.

Next, a flaw in the file upload control means an attacker could tell it to upload files to a Web server. Of course the attacker would have to know where these files were to begin with.

Number three is courtesy of a flaw in third-party plug-in rendering, where parameters are not properly checked for the running of plug-ins such as Flash. Specially crafted URLs could be used to sidestep security checks and execute script in the local security context.

Lastly, a vulnerability exists in those dialog boxes that pop up, asking you to make a decision about something. Again, an unchecked parameter could allow an attacker to create an HTML page that popped up a dialog box which, when clicked on, executed a script that allowed the attacker to read files. The attacker would need to know the location of files.

The flaws are rated on aggregate as critical and affect IE 5.01, 5.5 and 6.0.

Patches can be accessed at:

www.microsoft.com/windows/ie/downloads/critical/813489/default.asp (Reboot required)

www.microsoft.com/windows/ie/downloads/critical/330994/default.asp

PCPro-Computing in the Real World Printed from www.pcpro.co.uk
