This issue of The Locksmith covers the details of the new IE IFRAME vulnerability, which is rated extremely dangerous.
A dangerous new vulnerability in IE 6.0 has been exposed, and a method of exploiting it has also been disclosed. For now, the harm can only be reduced; there is no complete protection.
Details
US-CERT recently released a vulnerability report, VU#842160, which covers the recent IE 6.0 vulnerability. This vulnerability is related to a boundary error that may cause and
US-CERT describes the problem as follows: there is a buffer overflow vulnerability in the way IE processes the SRC and NAME attributes of FRAME and IFRAME elements. The publicly disclosed exploit code uses JavaScript to fill memory with data blocks made up of NOPs and shellcode. When overly long SRC and NAME attributes are then supplied, IE loses control of a memory address and execution lands in one of the previously prepared blocks, running the NOPs and then the attacker's shellcode. Without the ability to prepare these memory blocks in advance, carrying out the attack would be very difficult.
A Microsoft spokesperson said in answer to my question: "Microsoft is investigating the newly announced possible IE vulnerability. We have not found any incidents that used the reported vulnerability, and no consumers were affected, but we will pay close attention to this report."
"Microsoft will take appropriate measures to protect our consumers, which may mean a patch in the monthly release or an out-of-cycle security update, depending on consumer needs."
The Redmond software company also expressed concern that the vulnerability information was made public rather than first reported to Microsoft: "This method usually puts computer users in danger. We will continue to encourage the disclosure of vulnerabilities. We believe that making a vulnerability known directly helps ensure that consumers get comprehensive, high-quality updates for security vulnerabilities, without being exposed to malicious attackers while the company is developing the patch."
Only after news of the vulnerability had spread through the hacking community did AUS-CERT (the Australian CERT), US-CERT, and Secunia announce it. The wise practice is therefore to notify the software vendor of a vulnerability first. Once a vulnerability has been disclosed on the network, however, many users consider the information very important. Security sites publish such news as soon as possible after receiving it, so that IT professionals can take the necessary precautions.
Microsoft ended its answers to my questions with the following: "Consumers who suspect that they have been infected should contact Product Support Services. North American users can use the PC Safety Hotline (1-866-PCSafety) for help with security updates or virus issues; international users can use the contact information listed at http://support.microsoft.com."
Applicability
Secunia is also special
The vulnerability is reported in IE 6.0 running on Windows 2000 and Windows XP (even when XP has Service Pack 1 installed). However, Secunia (and US-CERT) also report that XP SP2 is not threatened.
US-CERT also warned that the same vulnerability may exist in other applications that use the WebBrowser ActiveX control, such as Microsoft Outlook, Outlook Express, AOL, and Lotus Notes.
AUS-CERT confirms that XP SP2 is not threatened by this vulnerability, but it also warned that XP SP2 may be affected by more sophisticated attacks on the same vulnerability.
Threat level - from very serious to extreme danger
Secunia rates this vulnerability "Extremely critical". It may crash IE, and it may also allow attackers to execute arbitrary code on the system. Anti-virus software does not seem to prevent this threat.
Mitigation method
Windows XP with SP2 installed is clearly not affected, so installing SP2 on a Windows XP system avoids the threat posed by this vulnerability.
Attackers may lure users to a malicious site or entice them to open an HTML message. System administrators need to stress to users that they must be highly vigilant against both attack methods.
Is it completely solved? Or only partly?
According to the Secunia and US-CERT reports, there is currently no complete solution to this issue. However, reading email in plain text clearly removes one major threat. You can also disable Active Scripting and upgrade Windows XP to SP2. AUS-CERT also recommends using another web browser.
Conclusion
This report really made me feel that completely wiping a hard drive before installing Windows XP Pro and the SP2 patch was not so stupid after all. This will be my main working system until SP2 is infected. (So far, everything is fine. Although I know that many people have run into trouble, the vulnerability poses no substantive threat to SP2.)