Using Internet Explorer? Then it’s about time to patch it (again)

Story from vunet.com:

Details of a vulnerability in Microsoft’s Internet Explorer (IE) browser were released today after a 30-day ‘cooling off’ period to allow users to install the patch.

Depending on who you talk to, the bug reported on security mailing lists on 14 December is either the biggest hole ever to be found in IE or just an everyday glitch.

But the crux of the vulnerability is that by simply placing the characters %00, otherwise known as a null byte, into a filename on a maliciously configured web server, a user could be tricked into opening dangerous content.

Online Solutions, the security firm credited with discovering the flaw, explained that a filename such as ‘README.TXT%00PROG.EXE’ would appear to open Readme.txt but, in reality, could open the potentially malicious Prog.exe.

Combine this with another issue in the Content-Disposition header and MIME type, and the browser could be tricked into downloading and running a program without any download dialogs or warnings at all.

Microsoft has acknowledged that IE versions 5.5 and 6 are vulnerable and has given the flaw a ‘critical’ rating.

Microsoft’s advisory can be seen here and Online Solutions has set up a vulnerability test here.
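
The filename trick described in the story can be checked for on the defensive side, for example in a proxy or a log review script. The following is an added example, not code from the story, Microsoft or Online Solutions; the function name `inspect_filename` and the extension list are assumptions, and it goes slightly beyond the story by also catching a double-encoded null byte (`%2500`).

```python
import os
from urllib.parse import unquote

# Assumed example list of extensions treated as executable content.
RISKY_EXTS = {".exe", ".com", ".bat", ".scr", ".pif"}


def inspect_filename(raw, max_rounds=3):
    """Percent-decode a filename taken from a URL or a Content-Disposition
    header and report whether it hides a second name behind a null byte."""
    decoded = raw
    # Decode repeatedly so that %2500 (an encoded '%00') is also unmasked.
    for _ in range(max_rounds):
        nxt = unquote(decoded)
        if nxt == decoded:
            break
        decoded = nxt

    if "\x00" not in decoded:
        return {"suspicious": False, "shown": decoded,
                "hidden": None, "risky": False}

    # Per the story: the part before the null byte is what the user sees,
    # the part after it is what may actually be opened.
    shown, _, hidden = decoded.partition("\x00")
    hidden = hidden.replace("\x00", "")
    hidden_ext = os.path.splitext(hidden)[1].lower()
    return {
        "suspicious": True,
        "shown": shown,
        "hidden": hidden,
        "risky": hidden_ext in RISKY_EXTS,
    }


if __name__ == "__main__":
    # Constructed sample inputs; the first is the filename quoted in the story.
    for name in ["README.TXT%00PROG.EXE", "README.TXT%2500PROG.EXE", "report.txt"]:
        print(name, "->", inspect_filename(name))
```
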

