SANS ISC: MS06-042: Internet Explorer Rollup Patch SANS ISC InfoSec Forums

MS06-042: Internet Explorer Rollup Patch
MS06-042 (CRITICAL)

The usual monthly set of fixes for recently discovered Internet Explorer vulnerabilities. Exposing Internet Explorer to malicious HTML code could allow an attacker to execute arbitrary code. Vulnerabilities like this are frequently used by "drive-by downloads" to install spyware, adware and bots.

Three of the vulnerabilities have been disclosed publicly:
- CVE-2006-3280 (Redirect Cross-Domain Information Disclosure)
- CVE-2006-3637 (HTML Rendering Memory Corruption Vulnerability)
- CVE-2004-1166 (FTP Server Command Injection Vulnerability)

In particular, note the date (2004!) of the FTP server command injection vulnerability. Exploiting this vulnerability is rather easy, and exploits have been available since December of 2004. The attacker would have to include an 'ftp://' URL which includes a URL-encoded newline character (newline = %0a). It is also important to note that the KDE web browser (Konqueror) had the same issue.

A well-crafted exploit for the FTP vulnerability would not require any user interaction beyond exposing the browser to malicious code. A compromised web server, banner ads or image tags on public web sites could be used to trigger this vulnerability.
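
As an added example (not part of the original diary), a site owner could scan the HTML they serve, including third-party ad markup, for 'ftp://' URLs carrying the encoded newline described above. It goes slightly beyond the text by also flagging carriage returns and double-encoded forms; the host names, attribute list and sample markup are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# Attributes that make a browser fetch or navigate to a URL (assumed list).
URL_ATTRS = {"href", "src", "background", "action", "data"}
FTP_SCHEME = re.compile(r"\s*ftp://", re.IGNORECASE)
CRLF = re.compile(r"[\r\n]")


def has_injected_newline(url, max_decodes=3):
    """True if an ftp:// URL holds a raw or percent-encoded CR/LF."""
    if not FTP_SCHEME.match(url):
        return False
    decoded = url
    # Decode repeatedly so double encoding (%250a) is caught as well.
    for _ in range(max_decodes):
        if CRLF.search(decoded):
            return True
        step = unquote(decoded)
        if step == decoded:
            break
        decoded = step
    return bool(CRLF.search(decoded))


class FtpUrlScanner(HTMLParser):
    """Collects (tag, attribute, url) for every suspicious ftp:// URL."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value and has_injected_newline(value):
                self.findings.append((tag, name, value))


def scan_html(html):
    scanner = FtpUrlScanner()
    scanner.feed(html)
    return scanner.findings


# Constructed sample markup; "INJECTED" stands in for attacker-chosen text.
SAMPLE_HTML = """
<a href="ftp://ftp.example.org/pub/readme.txt">mirror</a>
<img src="ftp://ftp.example.org/a%0aINJECTED">
<iframe src="ftp://ftp.example.org/b%250dINJECTED"></iframe>
<img src="http://www.example.org/logo.png?x=%0a">
"""

if __name__ == "__main__":
    for tag, attr, url in scan_html(SAMPLE_HTML):
        print(f"suspicious <{tag} {attr}>: {url}")
```

The same `has_injected_newline` check can be applied to the URL field of proxy logs to spot clients that were served such links.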

Urgency:
Client: HIGH! Apply patch after expedited testing.
Server: Low. Apply patch after exhaustive testing.








Johannes

ISC Handler