Internet Explorer Open To New Flaw
David Utter Staff Writer
2007-02-13
The WinInet module (wininet.dll), used in Internet Explorer and other applications, has a vulnerability in its handling of FTP sessions. Microsoft has posted updates to address the problem.
The iDefense Labs security team issued an advisory not long after Microsoft made its scheduled February security bulletins available. Due to what they cite as a 'design error' in WinInet's FTP client code, an attacker could remotely execute code on a system.
iDefense said that in its testing against a Windows XP SP2 system, it was able to "put controlled values into controlled memory locations in Internet Explorer." It noted that while its initial testing methods were unreliable, it would be possible to remotely execute code on an unpatched system.
iDefense calls the flaw an FTP Reply Null Termination Heap Corruption vulnerability. It exists in the parsing of reply lines from remote FTP servers. A specially crafted series of replies sent to a vulnerable client would cause the heap corruption, and from there remote code execution could take place.
IE6 on fully patched versions of Windows 2000 Advanced Server SP4 and Server 2003 Enterprise Edition SP1 along with XP SP2 has been found vulnerable in iDefense testing. They believe the flaw has existed since at least IE 5.0.
Microsoft's advisory, which includes updates to correct the problem, noted that the new Vista operating system does not have this vulnerability.
---
Tag: Internet Explorer
About the Author:
David Utter is a business and technology writer for SecurityProNews and WebProNews.