New Flaw Spotted In IE
David Utter Staff Writer
2007-03-15
Internet Explorer suffers from an input validation error that could be exploited by phishing scammers to steal information from users of that browser.
France's FrSIRT confirmed the flaw with the IE resource page 'res://ieframe.dll/navcancl.htm'. The input validation error could be exploited when that page generates a 'Refresh the page' link.
The report on the low-risk, remotely exploitable issue said attackers could spoof the address shown in the address bar by tricking a user into clicking the "Refresh the page" link while visiting a malicious web page.
This problem affects the latest version of the browser, IE 7. Security researcher Aviv Raff first noted the vulnerability, and listed IE 7 on XP and Vista as being vulnerable to it.
He described the issue as "a design flaw in IE" and provided an example scenario where it could be exploited:
To perform a phishing attack, an attacker can create a specially crafted navcancl.htm local resource link with a script that will display a fake content of a trusted site (e.g. bank, paypal, MySpace).
When the victim will open the link that was sent by the attacker, a "Navigation Canceled" page will be displayed. The victim will think that there was an error in the site or some kind of a network error and will try to refresh the page. Once he will click on the "Refresh the page." link, The attacker's provided content (e.g. fake login page) will be displayed and the victim will think that he's within the trusted site, because the address bar shows the trusted site's URL.
No formal patch or workaround has been provided by Microsoft yet. Raff suggested people should not trust the 'Navigation Canceled' page in IE until this has been fixed.
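A defender-side check for the kind of link described above, added here as an example and not taken from the report, from Raff or from Microsoft: it scans HTML such as a mail body or a fetched page for links that use the res: scheme and singles out those pointing at navcancl.htm. The sample markup, the function names and the set of attributes inspected are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

TARGET_PAGE = "navcancl.htm"            # resource page named in the report
URL_ATTRS = {"href", "src", "action"}   # assumption: attributes worth checking


def classify(url):
    """Return 'navcancl', 'res-other' or None for one attribute value."""
    # Drop spaces and control characters, which browsers ignore inside URLs.
    cleaned = "".join(ch for ch in url if ch > " ").lower()
    try:
        parts = urlsplit(cleaned)
    except ValueError:
        return None
    if parts.scheme != "res":
        return None
    last_segment = unquote(parts.path).rsplit("/", 1)[-1]
    return "navcancl" if last_segment == TARGET_PAGE else "res-other"


class ResLinkFinder(HTMLParser):
    """Collects (line, tag, verdict, raw value) for every res: reference."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            verdict = classify(value) if name in URL_ATTRS and value else None
            if verdict:
                self.findings.append((self.getpos()[0], tag, verdict, value))


def scan_html(html):
    finder = ResLinkFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample markup; the fragment is a harmless placeholder.
SAMPLE = """<html><body>
<a href="https://www.example.com/help">Help</a>
<a href="RES://ieframe.dll/navcancl.htm#constructed-placeholder">Statement</a>
<img src="res://example.dll/logo.png">
<a href="/res/navcancl.htm">ordinary relative path</a>
</body></html>"""

if __name__ == "__main__":
    for line, tag, verdict, value in scan_html(SAMPLE):
        print(f"line {line}: <{tag}> {verdict}: {value}")
```

Remote content has no ordinary reason to link to a local res: page, so either verdict is worth reviewing in a mail or proxy filter.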
Remotely exploitable flaw disclosed for OpenBSD: It's only the second such hole ever found in a default install of the OpenBSD operating system. The Core Security website discussed the remote kernel buffer overflow that could impact OpenBSD's IPv6 mbufs:
The OpenBSD kernel contains a memory corruption vulnerability in the code that handles IPv6 packets. Exploitation of this vulnerability can result in:
1) Remote execution of arbitrary code at the kernel level on the vulnerable systems (complete system compromise), or;
2) Remote denial of service attacks against vulnerable systems (system crash due to a kernel panic)
The issue can be triggered by sending a specially crafted IPv6 fragmented packet.
OpenBSD systems using default installations are vulnerable because the default pre-compiled kernel binary (GENERIC) has IPv6 enabled and OpenBSD's firewall does not filter inbound IPv6 packets in its default configuration.
The impact of the flaw appears to be mitigated, judging by Core Security's note that exploiting it first requires "direct physical/logical access to the target's local network." A security fix for the problem has been issued.
---
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.