Another 9 Exploits Found in IE

A performance-boosting feature found in Microsoft’s Internet Explorer 5.5 and 6 has
opened up nine vulnerabilities that can leave a user’s PC wide open for
remote exploit, according to the company that found the breach earlier this
month.

Previous IE versions, as well as IE 6.1, are unaffected by the flaw,
officials at GreyMagic Software, the Israeli firm that discovered the flaw,
said Tuesday. Last week, the company publicized a flaw in IE 5.5 and 6 that
lets hackers steal Web cookies from Web sites and forge content to read
local files and execute programs in the Document Object Model (DOM).

Microsoft officials were unaware of the vulnerability at press time. After
last week’s flaw was published, they berated GreyMagic for not giving their
own engineers time to investigate the vulnerability.

Tuesday’s nine vulnerabilities all find their root in object caching, which
performs security checks when people visit Web sites. In the time it takes
for one page to unload and the other to load, these security checks
determine whether both pages are in the same security zone and domain.

The problem, according to GreyMagic engineers, is that objects that are
supposed to be inaccessible once the pages are unloaded become open to
exploit when references to them are stored. In essence, the
assumed-to-be-inaccessible pages are now interoperable with other documents,
such as the attacker’s page found on his or her site.

While the object caching vulnerability affects one area of the Web browser,
there are nine separate methods for exploitation. Following are the
methods and their potential impact. GreyMagic also published exploits
for the vulnerability, but internetnews.com does not publish exploits:

  • showModalDialog – Full access in IE 5.5, “My Computer” zone access in
    IE 6.
  • external – Full DOM access on both versions.
  • createRange – Full DOM access on both versions.
  • elementFromPoint – Full DOM access on both versions.
  • getElementById – Full DOM access on both versions.
  • getElementsByName – Full DOM access on both versions.
  • getElementsByTagName – Full DOM access on both versions.
  • execCommand – read access to the loaded document.
  • clipboardData – read/write access to the clipboard, regardless of
    settings.

GreyMagic engineers recommend disabling Active Scripting until a patch is
released, or upgrading to IE 6.1.
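
The Active Scripting mitigation above, as an added example that is not from the article or from GreyMagic: a PowerShell script that reports the Active Scripting setting for each IE security zone and, when run with `-Disable`, turns it off. It assumes the per-user zone settings stored under HKCU and defaults to the Internet and Restricted sites zones; the function and parameter names are illustrative.

```powershell
# Added example: audit, and optionally disable, Active Scripting per IE zone.
# URL action 1400 is "Active scripting": 0 = Enable, 1 = Prompt, 3 = Disable.
param(
    [switch]$Disable,          # write 3 (Disable) to the selected zones
    [int[]]$Zones = @(3, 4)    # assumption: harden Internet and Restricted sites
)

$base      = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$zoneNames = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }
$states    = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }

function Get-ActiveScriptingState {
    param([int]$Zone)
    # A missing value means the zone has no explicit per-user setting
    $item = Get-ItemProperty -Path "$base\$Zone" -Name '1400' -ErrorAction SilentlyContinue
    if ($null -eq $item) { return 'Not set' }
    $raw = [int]$item.'1400'
    if ($states.ContainsKey($raw)) { $states[$raw] } else { "Unknown ($raw)" }
}

if ($Disable) {
    foreach ($z in $Zones) {
        $path = "$base\$z"
        if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
        Set-ItemProperty -Path $path -Name '1400' -Value 3 -Type DWord
    }
}

# Report every zone so a zone that still allows scripting stands out
foreach ($z in 0..4) {
    [pscustomobject]@{
        Zone            = $z
        Name            = $zoneNames[$z]
        ActiveScripting = Get-ActiveScriptingState -Zone $z
    }
}
```

Run it without arguments to audit only. The script reads and writes per-user settings, so a zone reported as "Not set" is taking its value from elsewhere and should be checked in the browser's security settings.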
