It looks like 2002 is starting off the way 2001 was going. George Guninski, resident IE bug hunter and guru, has found another hole in IE, this time related to the earlier GetObject() bug he first reported on 26th September 2000, allowing an outside attacker to view known files on a remote system.
The original vulnerability was due to a flaw in Windows Script Host (WSH): WSH does not properly verify a domain for certain requests in IE and Outlook Express. The new flaw simply sidesteps the patch that Microsoft developed for WSH.
Description:
IE allows reading local files due to a bug in GetObject().
Reading local files may lead to executing arbitrary programs.
Vulnerable systems:
IE 6.0, IE 5.5sp2, IE 5.5sp1, IE 5.5, running on Win95/98/ME/NT/2k
The new bug is quite similar to the "George Guninski: GetObject() expose user's files" vulnerability, the difference being:
----------------------
a=GetObject("http://"+location.host+"/../../../../../../test.txt","htmlfile");
----------------------
It is funny that directory traversal on a http: URL leads to reading local files.
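A content filter or mail gateway can look for the call shape quoted above: GetObject() with the "htmlfile" class and a ".." segment in the URL argument. The following is an added example, not code from the advisory or from Microsoft; the function names are hypothetical, and treating percent-encoded dots as traversal is an assumption of this example.

```javascript
// Added example: flag GetObject(<url>, "htmlfile") calls with ".." in the URL argument.
// Read the arguments of a call, starting just after its opening parenthesis.
function readArgs(text, start) {
  const args = [];
  let cur = '', quote = null, depth = 0;
  for (let i = start; i < text.length; i++) {
    const ch = text[i];
    if (quote) {
      cur += ch;
      if (ch === '\\' && i + 1 < text.length) cur += text[++i]; // escaped char
      else if (ch === quote) quote = null;
      continue;
    }
    if (ch === '"' || ch === "'") quote = ch;
    else if (ch === '(') depth++;
    else if (ch === ')') {
      if (depth === 0) { args.push(cur.trim()); return args; }
      depth--;
    } else if (ch === ',' && depth === 0) { args.push(cur.trim()); cur = ''; continue; }
    cur += ch;
  }
  return null; // unterminated call
}
// Join the string literals of an expression, dropping run-time parts (location.host).
function literalText(expr) {
  const parts = expr.match(/"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*'/g) || [];
  return parts.map((p) => p.slice(1, -1)).join('');
}
// True if the text has a ".." path segment, raw or percent-encoded.
function hasTraversal(url) {
  let s = url;
  try { s = decodeURIComponent(url); } catch (e) { /* malformed escape: use raw */ }
  return /(^|[\/\\])\.\.([\/\\]|$)/.test(s);
}
function findSuspiciousGetObject(html) {
  const hits = [];
  const call = /\bGetObject\s*\(/gi;
  for (let m; (m = call.exec(html)) !== null;) {
    const args = readArgs(html, call.lastIndex);
    if (!args || args.length < 2) continue;
    const url = literalText(args[0]);
    const isHtmlfile = literalText(args[1]).toLowerCase() === 'htmlfile';
    if (isHtmlfile && hasTraversal(url)) hits.push({ offset: m.index, url });
  }
  return hits;
}

// The call quoted above, wrapped in a constructed page for a stand-alone run.
const SAMPLE = '<script>a=GetObject("http://"+location.host+"/../../../../../../test.txt","htmlfile");</script>';
console.log(findSuspiciousGetObject(SAMPLE));
```

The check is static: a URL assembled entirely at run time yields no literal text and is not flagged, so it complements the workaround below and does not replace it.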
Workaround/Solution:
Disable Active Scripting and never turn it on.
Better, do not use IE in hostile environments such as the internet.
Vendor status:
Microsoft was notified on 11 December 2001.
They had 3 weeks to produce a patch but didn't.
News source: George Guninski - GetObject() problem, directory traversal on a http: URL (1st January 2002)
View: George Guninski - Original vulnerability: GetObject() expose user's files (26th September 2000)
View: SecurityFocus Bugtraq notification: 3767 - IE GetObject File Disclosure Vulnerability (1st January 2002)
Additional Information:
New proof of concept code for the original GetObject() vulnerability can affect users who have already applied the Microsoft WSH supplied patch. The new code uses Base64 encoding embedded within the HTML, which effectively bypasses the security provided by the patch.
View Proof Of Concept Exploit: "htmlfile_FWE-exploit.htm", which affects WSH patched systems (Markus Kern)
Apple, which declined to comment on the products, has begun dropping big hints ahead of launches.
"This one really takes the cake," said Mac Observer, www.macobserver.com, commenting that the company had been stepping up the hype for its events for six months.
"The rumors are flying and Apple has all but ensured that they will continue to do so."
Apple launched its first consumer device in nearly a decade with the iPod and Jobs said he was considering developing a Windows version of the device.
The iPod links to the Macintosh through the iTunes software. That is based on Apple's cross-platform QuickTime media player, which would allow Apple to port the iPod to Windows, said financial analyst David Bailey of Gerard Klauer Mattison.
Apple might also extend its vision of the personal computer as the hub of the "digital lifestyle" by introducing a consumer device for video, Bailey speculated.
He raised Apple to Outperform from Neutral Wednesday, forecasting that Mac fans would buy new gear with the maturation of OS X, the new operating system announced last year, new desktop computers and a higher profile for Apple thanks to its new retail stores.
But with the threat that education spending could dip in the weak economy, hurting a key Apple market, and with product transitions in store, Bailey reduced his earnings per share forecast for fiscal 2002 by 3 cents to 52 cents, compared with Apple's 2001 loss of 27 cents, which was driven by a first-quarter loss of 73 cents per share.
Apple, one of the first to feel the chill of the cooling economy in late 2000, suffered with the rest of the personal computer industry in 2001, repeatedly cutting its sales forecast.
But the stock fared well, rising 45 percent and attracting investors with a horde of cash worth more than half the current stock price and a strong brand name.
It also introduced OS X, the most substantial upgrade to its operating system since it introduced the Macintosh in 1984 and began touting the personal computer as the digital hub.
Certainly Apple fans are salivating, even if they are wary of the hype.
"I hope I fall out of my chair and knock myself out," wrote "Antman" on a MacObserver forum. "Ok ... maybe not that last part, but Apple has its work cut out."
