[virusinfo] Oxygen3 24h-365d [Vulnerability in the Internet Explorer ITS prot ocol handler - 04/13/04] - virusinfo

[virusinfo] Oxygen3 24h-365d [Vulnerability in the Internet Explorer ITS prot ocol handler - 04/13/04]

From: "Mike" <mikebike@xxxxxxxxx>
To: virusinfo@xxxxxxxxxxxxx
Date: Wed, 14 Apr 2004 09:36:12 -0700

From; PANDA Oxygen3 24h-365d:

"Man is the only creature that strives to surpass himself, 
                       and yearns for the impossible." 
           Eric Hoffer (1902 - 1983); US writer and philosopher.

           - Vulnerability in the Internet Explorer ITS protocol handler -
       Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com)

Madrid, April 13, 2004 - US-CERT has reported -at
http://www.us-cert.gov/cas/techalerts/TA04-099A.html - a security flaw in
Microsoft Internet Explorer (IE) that could allow an attacker to run
arbitrary code with the privileges of the user of the browser. 

This vulnerability, which allows an attacker to read and handle data on
websites in other domains or zones, lies in how ITS protocol handlers
determine the security domain of an HTML component stored in a Compiled HTML
Help (CHM) file. The HTML Help system uses the underlying components of
Microsoft Internet Explorer.
 
This security flaw arises when Internet Explorer references an inaccessible
or non-existent MHTML file using the ITS and mhtml protocols. As a result,
the ITS protocol tries to access the CHM file from an alternate source. The
browser treats the CHM file incorrectly, treating it as if it were in the
same domain as the unavailable MHTML file. If a specially crafted URL is
used in this context, an attacker can cause arbitrary script in a CHM file
to be run in a different domain, violating the cross-domain security model.

Internet Explorer, Outlook and Outlook Express are affected by this
vulnerability, which can also affect any program that uses the WebBrowser
ActiveX Control or the IE HTML rendering engine. At the moment, a solution
is not available for this security flaw, and therefore, until a patch is
released, it is recommendable to disable ITS protocol handlers by deleting
or renaming the following registry keys: ms-its,ms-itss,its,mk, in:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\
 
NOTE: The address above may not show up on your screen as a single line.
This would prevent you from using the link to access the web page. If this
happens, just use the 'cut' and 'paste' options to join the pieces of the
URL.

------------------------------------------------------------

The 5 viruses most frequently detected by 
Panda ActiveScan, Panda Software's free online scanner: 
1) Netsky.P; 2) Netsky.D; 3) Netsky.B; 4) Nachi.B;
 5)Downloader.L.

------------------------------------------------------------
Mike ~ It is a good day if I learned something new.
Editor MikesWhatsNews see a sample on my web page
http://www3.telus.net/mikebike
<mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe>
http://www3.telus.net/mikebike/worm_removal.htm
See my Anti-Virus pages  http://virusinfo.hackfix.org/index
<virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe>
A Technical Support Alliance  and OWTA Charter Member

[virusinfo] Oxygen3 24h-365d [Vulnerability in the Internet Explorer ITS prot ocol handler - 04/13/04]

Other related posts: