From; PANDA Oxygen3 24h-365d: "Man is the only creature that strives to surpass himself, and yearns for the impossible." Eric Hoffer (1902 - 1983); US writer and philosopher. - Vulnerability in the Internet Explorer ITS protocol handler - Oxygen3 24h-365d, by Panda Software (http://www.pandasoftware.com) Madrid, April 13, 2004 - US-CERT has reported -at http://www.us-cert.gov/cas/techalerts/TA04-099A.html - a security flaw in Microsoft Internet Explorer (IE) that could allow an attacker to run arbitrary code with the privileges of the user of the browser. This vulnerability, which allows an attacker to read and handle data on websites in other domains or zones, lies in how ITS protocol handlers determine the security domain of an HTML component stored in a Compiled HTML Help (CHM) file. The HTML Help system uses the underlying components of Microsoft Internet Explorer. This security flaw arises when Internet Explorer references an inaccessible or non-existent MHTML file using the ITS and mhtml protocols. As a result, the ITS protocol tries to access the CHM file from an alternate source. The browser treats the CHM file incorrectly, treating it as if it were in the same domain as the unavailable MHTML file. If a specially crafted URL is used in this context, an attacker can cause arbitrary script in a CHM file to be run in a different domain, violating the cross-domain security model. Internet Explorer, Outlook and Outlook Express are affected by this vulnerability, which can also affect any program that uses the WebBrowser ActiveX Control or the IE HTML rendering engine. At the moment, a solution is not available for this security flaw, and therefore, until a patch is released, it is recommendable to disable ITS protocol handlers by deleting or renaming the following registry keys: ms-its,ms-itss,its,mk, in: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ NOTE: The address above may not show up on your screen as a single line. This would prevent you from using the link to access the web page. If this happens, just use the 'cut' and 'paste' options to join the pieces of the URL. ------------------------------------------------------------ The 5 viruses most frequently detected by Panda ActiveScan, Panda Software's free online scanner: 1) Netsky.P; 2) Netsky.D; 3) Netsky.B; 4) Nachi.B; 5)Downloader.L. ------------------------------------------------------------ Mike ~ It is a good day if I learned something new. Editor MikesWhatsNews see a sample on my web page http://www3.telus.net/mikebike <mikeswhatsnews-request@xxxxxxxxxxxxx?Subject=subscribe> http://www3.telus.net/mikebike/worm_removal.htm See my Anti-Virus pages http://virusinfo.hackfix.org/index <virusinfo-request@xxxxxxxxxxxxx?Subject=subscribe> A Technical Support Alliance and OWTA Charter Member