Site Network: Beskerming.com | Skiifwrald.com | Jongsma & Jongsma

Security for All

Sûnnet Beskerming is a company with a focus and a drive to provide Information Security services for all those who want to stay safe and secure in an online world.

Username: | Password: Contact us to request an account

Internet Explorer - Remote hacker automatic control

Version: At least version 6.x
Technical Details:

Internet Explorer is still vulnerable to protocol handler vulnerabilities, where arguments passed in a link that calls an external protocol handler are passed without filtering. Depending on the application that is being used to handle the external protocol, arbitrary code execution may result (such as is the case with the current FirefoxURL issue).

Description:

It has been discovered that Internet Explorer is still vulnerable to a well known class of vulnerabilities - where it is possible to run software of an attacker's choice by adding extra arguments to a web link. The most recent disclosure affects the FirefoxURL handler. Despite being known since 2004, it appears that this issue will continue to affect users. Exploit code is readily available for this, and other examples of the issue.

Mitigation:

Consider the use of an alternative browser until this issue can be remedied.

Updates:

Not Yet Available

Source:

http://larholm.com/2007/07/10/internet-explorer-0day-exploit

Exploits:

http://larholm.com/2007/07/10/internet-explorer-0day-exploit

External Tracking Data:

Not Yet Identified


Social bookmark this page