Browser Print Template and File Upload via Form Vulnerabilities
Four security vulnerabilities exist in Internet Explorer which could enable a malicious web site operator to take unauthorized actions or read files on the computer of a user who visited their site.
Issue
The four security vulnerabilities eliminated by this patch are unrelated to each other except that they all occur in the same .dll. We have packaged the fix for all four issues together in one updated .dll for customer convenience. The vulnerabilities are:
- The "Browser Print Template" vulnerability, which affects IE 5.5 only. IE 5.5 introduces a new feature known as Print Templates, which provides the ability to customize how browser pages will look when they’re previewed and printed. A vulnerability exists in the feature that would enable a web application to invoke a custom print template without garnering approval from the user. This poses a security hazard because print templates are, by design, trusted code and therefore able to execute ActiveX controls, even ones that are not marked as safe for scripting.
- The "File Upload via Form" vulnerability, which affects IE versions 5.0 through 5.5. The INPUT TYPE element supports a variety of methods of providing input via HTML forms, one of which allows the user to specify the name of a file to upload to the site. Subject to a number of constraints, it could be possible for a web application to fill in this field with the name of a desired file and then submit the form.
- A new variant of the "Scriptlet Rendering" vulnerability, which affects IE versions 5.0 through 5.5. The original variant, discussed in Microsoft Security Bulletin MS00-055, involved the ability to render non-HTML file types. This could enable a malicious web site operator to provide bogus information consisting of script, solely for the purpose of introducing it into an IE system file with a known name, then render the file to execute the script. The net effect would be to make the script run in the Local Computer Zone, at which point it could access files on the user's local file system. The new variant operates in exactly the same way, but uses a different mechanism to render the file.
- A new variant of the "Frame Domain Verification" vulnerability, which affects IE versions 5.0 through 5.5. As discussed in Microsoft Security Bulletins MS00-033 and MS00-055, several functions do not enforce proper separation of frames in the same window that reside in different domains. The new variant involves an additional function with the same flaw. The net effect of the vulnerability would be to enable a malicious web site operator to open two frames, one in his domain and another on the user’s local file system, and enable the latter to pass information to the former. This patch eliminates all known variants of this vulnerability.
Affected Products
- Microsoft Internet Explorer 5.x
Download
Patch: http://www.microsoft.com/windows/ie/download/critical/279328.htm
Further Details
Source: Microsoft Corporation
Updated: December 1, 2000