Script Injection to Custom HTTP Errors in Local Zone

By Thomas McGuire on
Affected applications: Microsoft Internet Explorer 5.01, 5.5 & 6.0.
Note that any other application that uses Internet Explorer's engine (WebBrowser control) is affected as well (AOL Browser, MSN Explorer, etc.).

Discussion: We found that the above-mentioned parsing procedure has a flaw in it that may cause arbitrary script commands to be executed in the Local Zone. Leading to potential arbitrary commands execution, local file reading & other severe consequences. However, Exploiting this procedure requires user-interaction. The user must click the URL presented to it by the resource for the malicious code to execute.

Solution: Microsoft was notified on 20-Feb-2003. They were able to reproduce this on IE6 Gold & all versions below it. We managed to reproduce it on all versions, including IE6 SP1, with no exceptions. They plan to fix this flaw in a future service pack.

Would you like to know more?

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.