Internet Explorer Bug Lets Hackers Read Your Mail

Security researchers on Thursday warned of fresh security problems in Microsoft Internet Explorer that could allow attackers to take over a system or read private information from other websites. One of the bugs also affects Firefox, according to researchers. Proof-of-concept code was released demonstrating one of the bugs.

Also this week, Microsoft rereleased a patch from two weeks ago that had interfered with users’ dial-up connections.

A researcher on the Full Disclosure mailing list warned of the two IE problems, the more serious of which could be used to trick users into executing code on their systems. The bug is in IE’s handling of file shares, and could allow attackers to execute malicious HTA applications via a directory traversal attack, according to researchers.

Because exploitation requires users to double-click somewhere on a webpage, some researchers, such as Secunia, gave this bug a moderately critical rating, while others, such as the SANS Institute, said it was more severe.

The second flaw involves the way IE handles redirections, and could allow an attacker to access information from other websites in the context of the user, via the object.documentElement.outerHTML property.

“This vulnerability can be potentially nasty as attackers can use it to retrieve data from other websites the user is logged into (for example, webmail) and harvest user credentials,” said SANS Internet Storm Center handlers in an advisory. “Several handlers have spent a little more time validating this particular issue, and while it is a subtle exploit and rated a lower level risk, this issue has raised some of our neck hairs.”

Secunia confirmed the bug on a fully patched system running Internet Explorer 6.0 and Windows XP SP2, and published a vulnerability test based on proof-of-concept code published by researcher Plebo Aesdi Nael on the Full Disclosure list.

SANS ISC said it had also confirmed the bug in Mozilla Firefox. While Secunia’s demonstration doesn’t expose the Firefox version of the bug, Nael’s original proof-of-concept code can be exploited on the Mozilla browser, according to SANS ISC handlers.

Earlier this month, Microsoft released a patch fixing problems with routing and remote access, as detailed in Microsoft Security Bulletin MS06-025. On Tuesday, the company updated the patch to address problems with dial-up connections and dial-up scripting created by the original patch.

Researchers with the Metasploit Project released exploit code for bug MS06-025 a few days after the patch, causing Microsoft to warn users that attacks exploiting the vulnerability could be imminent.

-Matthew Broersma, Techworld.com (London)

Related Links:

• Microsoft Warns of Exploit Code for Dial-Up Bug

• Third Microsoft Excel Attack Identified

Check out our CIO News Alerts and Tech Informer pages for more updated news coverage.