MS IE 3.0 already showing gaping security chasms

Robert Harley (harley@cahors.inria.fr)
Thu, 22 Aug 1996 13:08:49 +0200


------------------------------------------------------------------------------
Date: Wed, 21 Aug 1996 13:12:59 -0400
From: felten@CS.Princeton.EDU (Ed Felten)
Subject: Internet Explorer Security Problem

We have discovered a security flaw in the current version (3.0) of
Microsoft's Internet Explorer browser running under Windows 95. An attacker
could exploit the flaw to run any DOS command on the machine of an Explorer
user who visits the attacker's page. For example, the attacker could read,
modify, or delete the victim's files, or insert a virus or backdoor entrance
into the victim's machine. We have verified our discovery by creating a Web
page that deletes a file on the machine of any Explorer user who visits the
page.

The core of the attack is a technique for delivering a document to the
victim's browser while bypassing the security checks that would normally be
applied to the document. If the document is, for example, a Microsoft Word
template, it could contain a macro that executes any DOS command.

Normally, before Explorer downloads a dangerous file like a Word document,
it displays a dialog box warning that the file might contain a virus or
other dangerous content, and asking the user whether to abort the download
or to proceed with the download anyway. This gives the user a chance to
avoid the risk of a malicious document. However, our technique allows an
attacker to deliver a document without triggering the dialog box.

Microsoft has been notified and they are working on fixing the problem.
Until a remedy is widely available, we will not disclose further details
about the flaw.

For more information, contact Ed Felten at felten@cs.princeton.edu or
609-258-5906.

Dirk Balfanz and Ed Felten
Dept. of Computer Science, Princeton University
http://www.cs.princeton.edu/sip/
------------------------------------------------------------------------------

There are also complaints that MSIE30M.exe sometimes trashes the FAT
thus buggering your HD.

Glad I'm not using a PC,
Rob.
.-. Robert.Harley@inria.fr .-.
/ \ .-. "Dances with bits" .-. / \
/ \ / \ .-. _ .-. / \ / \
/ \ / \ / \ / \ / \ / \ / \
/ \ / \ / `-' `-' \ / \ / \
\ / `-' `-' \ /
`-' Hit me with those laser beams. `-'