Search in Google
only search in SAJINGEORGE.COM
Cool Links
Computer Software Directory
WebSite Listings
Virus List
Free Fonts Download

Enter your email address:
Powered by

Subscribe Via RSS

HOME | Tips | Tricks | News | Softwares | Hardwares | Contact Me
Microsoft warns of new IE data-leakage vulnerability
Friday, February 5, 2010
Microsoft today issued a security advisory to acknowledge an information disclosure hole in its Internet Explorer browser and warned that an attacker could exploit the flaw to access files with an already known filename and location.

The vulnerability was first discussed at this week’s Black Hat DC conference by Jorge Luis Alvarez Medina, a security consultant with Core Security Technologies. Microsoft says the risk is highest for IE users running Windows XP or who have disabled the browser’s Protected Mode feature.

Medina’s presentation demonstrated how an attacker can read every file of an IE user’s filesystem. The attack scenario leveraged different design features of Internet Explorer that can be combined to do serious damage.

Here’s more on Medina’s talk from DarkReading’s Kelly Jackson-Higgins:

[Medina] says popular features in IE, such as URL Security Zones and the browser’s file-sharing protocol, can together be abused to execute an attack that results in the attacker being able to read all files on the victim’s machine. Medina plans to release proof-of-concept code for the attack next month after Black Hat DC, and after Microsoft issues a security update for the attack, which affects IE versions 6 and above, he says.

“These vulnerabilities are just features … the implementation of the features allow you to obtain certain information, which by itself is harmless. But when combined together with other features, it renders an attack vector,” Medina says. The attack requires the user to click on a malicious link.

According to Microsoft’s advisory, IE’s Protected Mode prevents exploitation of this vulnerability and is running by default for versions of Internet Explorer on Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008.

The problem does affect every version of the browser but is considered most serious on Windows XP.

The vulnerability exists due to content being forced to render incorrectly from local files in such a way that information can be exposed to malicious websites.


Labels:

by Sajin George on 8:38 AM  
BACK TO TOP
Your Ad Here
Computer Tips and Tricks
Latest Updates
Archives
About Me

Name: Sajin George
Home: Mumbai, Maharashtra, India
About Me: I'm Working as a System Administrator in an Animation Studio.
See my complete profile
Your Ad Here
Site best viewed in IE5.5 or Firefox 3.0 and above with resolution 1024X768 Pixels Conceived,
© 2009 - Computer Tips, Tricks and Technology Updates from SAJIN's WEB by Saj Graphics