Attention Internet Explorer 5 Users!
Security bug found! Click here for details and instructions to protect your PC.
IE5 Allows File Creation and Modification
Reported August 24, 1999 by Georgi Guninski
VERSIONS EFFECTED
Microsoft Internet Explorer 5.0
DESCRIPTION
Internet Explorer 5.0 allows executing arbitrary programs on the local machine by creating and overwriting local files and putting
content in them. The problem resides in the ActiveX Control entitled, "Object for constructing type libraries for scriptlets". This object
allows the creation and modification of local disk files.
An example exploit would be to create an HTML-based application in someone's Startup folder, where it would then run the next
time the system reboots.
Exploits are possible via email in addition to browser-based attacks.
DEFENSE
See response from Microsoft below. To guard against the risks presented in this bulletin, be sure to adjust control of
ActiveX Scripting, Controls, and Plugins on your IE5 Browser. To do so, choose the Tools menu, select Options, and then click the
Security tab. On the dialog, choose the Internet zone, and click the Custom Level button, which opens a new dialog. On the new
dialog, scroll through the list and adjust all ActiveX properties to either "Disable" or "Prompt." Keep in mind that if you set these
controls to "Prompt," you may experience a large number of prompts on the screen while surfing the Internet. If the prompts become
a bother, simply readjust the ActiveX properties to "Disable."
CREDITS
Discovered by Georgi Guninski
VENDOR RESPONSE
Microsoft has released a security bulletin, FAQ, and patch for IE regarding this issue. Also, be sure to read Support Online article
Q240308.
Two more security problems found. The first one below affects IE 4 or 5.
Scriptlet.typlib and Eyedog Vulnerability
Reported August 31, 1999 by Georgi Guninski
VERSIONS EFFECTED
Microsoft Internet Explorer 4.0 and 5.0
DESCRIPTION
Internet Explorer 4.x and 5.x support two particular ActiveX controls (Scriplet.typlib and Eyedog) that are subject to attacks that may
allow an intruder to take any action against a remote computer. The Scriptlet.typlib may allow an intruder to change or delete files,
in addition to causing commands to execute on a remote system. The Eyedog control may allow a web page to gather information
from a remote user's computer (such as registry settings, user name, etc) and pass that info back to a Web site.
VENDOR RESPONSE
Microsoft has released a security bulletin, FAQ, and patch for IE regarding this issue. Also, be sure to read Support Online article
Q240308.
The next one affects any Windows version running Java Virtual Machine. Just about anyone.
Java VM Sandbox Vulnerability
Reported August 24, 1999 by Xerox PARC
VERSIONS EFFECTED
Microsoft Java Virtual Machine, all builds in the 2000 and 3000 series
DESCRIPTION
Internet Explorer 4.x and 5.x shipped with a Java VM that is subject to a vulnerability that may allow a program to operate outside of
the security sandbox and perform any action on user's computer.
Please note there are other means that these particular builds may have made it onto a machine. Be sure to check your version to
see if its affected. To inspect your JVM version number, Choose "Start", "Run", then "(CMD or COMMAND or open DosPrompt),"
and hit the enter key. At the command prompt, type "JVIEW" and hit the enter key. The version information will be at the right of the
topmost line. It will have a format like "5.00.xxxx", where the "xxxx" is the build number. For example, if the version number is
5.00.1234, you have build number 1234.
According to Microsoft's FAQ on the matter, here's what the build information means:
If you have a build number of 1520 or lower, you are not affected by this vulnerability.
If you have a build number higher than 1520, you are affected by this vulnerability. The build number for the patched version is
3186.
VENDOR RESPONSE
Microsoft has released a security bulletin, FAQ, and updated JVM regarding this issue. Also, be sure to read Support Online article
Q240246.