In-Depth

Briefs

Microsoft details vulnerabilities (including extremely critical IE problems); safeguarding CAD drawings in your browser

• By Mathew Schwartz
• 07/21/2004

Microsoft: Four Critical IE Vulnerabilities

Vulnerability alert firm Secunia warned of four new “extremely critical” vulnerabilities in Microsoft’s Internet Explorer (IE) browser versions 5.01, 5.5, and 6, and possibly in earlier IE versions as well. Secunia says it’s confirmed the four vulnerabilities using the IE version 6 running on Windows XP SP1.

The first vulnerability can allow a malicious Web site “to redirect a function to another function with the same name,” says Secunia. This would allow the Web site to evade “normal security restrictions” to run script code.

The second vulnerability can trick users into clicking false links or dragging and dropping resources. For example, a Web site could insert a link to itself in the user’s Favorites folder. Secunia says the http-equiv group has posted proof-of-concept code for this attack, which, in conjunction with insecure Windows “shell” functionality, can compromise a vulnerable system.

The third vulnerability allows arbitrary script code to be injected “into Channel links in Favorites,” says Secunia. Such code is executed as if it was in the Local Security Zone, and is affected only by said Local security restrictions.

The fourth vulnerability uses the “Window.createPopup()” function to overlay false content onto another Web page. In essence, users see one page when in fact certain dialog boxes or sections of the page may have been covered up using this vulnerability. This “may potentially cause users to open harmful files or do other harmful actions without knowing it.”

Secunia says a fifth vulnerability, as yet unconfirmed, allows injection of script code in the Local Security Zone using HTML anchor tags. Reportedly, IE 6 running the still-in-beta Windows XP SP2 is affected.

In light of the above vulnerabilities, security experts recommend disabling scripting in IE, noting it may make some Web sites or corporate intranets unusable.

Some experts even recommend—as they did for another recent IE vulnerability—enterprises consider using a different browser. Opera Software, for example, announced a new migration tool to make their browser look like IE (see http://info.101com.com/default.asp?id=8548).

- - -

Microsoft Releases Seven Security Advisories

In its own security announcement for the month, Microsoft released seven advisories listing a total of eight vulnerabilities. It rates two as critical, five as important, and one as moderate.

The critical vulnerabilities involve Windows HTML Help and Windows Task Scheduler. “Both of the critical vulnerabilities require some level of social engineering by an attacker to convince a potential victim to visit a malicious Web site,” notes David Endler, director of digital vaccine for TippingPoint.

Microsoft has released patches for all problems. “One would hope that Microsoft Windows users will patch their systems immediately, especially in light of the Russian organized crime exploitation of unpatched Internet Explorer vulnerabilities we recently observed,” says Endler.

- - -

Safeguarding CAD Drawings in Browsers

For companies sharing CAD- and polygon-based design data, a new browser can stem worries of theft, especially during a design review or bidding process.

The 3D Protected Browser, developed by security vendor OmniTrust Security Systems and Nomura Research Institute, allows designated individuals to view design information on screen, or input data into allowed fields, while restricting printing, copying, or screen-capture activities. The product can similarly protect the XVL format, developed by Lattice3D Technologies, and widely used in manufacturing.

“Manufacturers must collaborate and share CAD and other design data in order to reap the benefits of collaborative design,” notes OmniTrust president and CEO Michael Mansouri. Yet “it is increasingly easy for people to steal such confidential information, leading to compromised competitive advantage—among many other problems. We developed Protected Browser out of popular demand to help address this growing problem.”

The 3D Protected Browser is actually a “plug in” to OmniTrust’s Protected Browser product, which is a combination of PC- and server-level software for protecting browser-based content. The browser works with Windows 2000 and XP, and Internet Explorer 5.01 and later. On the server side, the product works with SPARC Solaris8 or later, Apache 1.3.2x, Windows NT4.0 and 2000, and IIS5.0 and 5.1.

Related Article:

Protecting Customer Data at the Browser Level
http://info.101com.com/default.asp?id=7481