IE attack code released after 'treasure hunt'

By Robert McMillan, IDG News Service |  Security Add a new comment

May 16, 2008, 10:22 AM One week after hiding
Internet Explorer attack code on his Web site, security researcher Aviv
Raff has posted details on how to launch the attack.

The bug lies in the "Print Table of Links" feature, which lets IE
users print out a Web page along with a list of all the links on the page tacked
onto the end. Raff discovered that if an attacker added special scripting code
to a Web page, he could then run unauthorized software on the PCs of IE users
who printed using this feature.

The flaw affects IE 7 and IE 8, Raff said. Security vendor Secunia said that
the bug also affects IE 6.

Because the hack requires that the user be tricked into following so many steps
-- not only visiting a Web page, but then printing a page with this feature
selected -- Secunia has
rated it as a "less critical."

Raff said that the flaw could be a more serious issue if hackers were to add
the code to Web pages that were frequently printed out, such as those on Wikipedia.

The bug has not been patched by Microsoft, which was notified of the issue
just last week.

Raff disclosed the flaw in an unusual way, embedding it in his own Web site
and then inviting other hackers to come and find it. He called this a "treasure
hunt."

The Israeli hacker said that the treasure hunt idea came from a local custom
of playing such games during Israel's Independence Day. The contest
was won Tuesday by someone calling himself "George the Greek."

Microsoft didn't get much time to fix the vulnerability, but Raff said he didn't
feel that Microsoft would address the issue quickly unless he went public with
the vulnerability.

When he has followed Microsoft's responsible disclosure guidelines in the past,
the company has been too slow to fix bugs, he said.

Microsoft is thinking about putting a fix for the problem in an upcoming security
update, the company said in a statement. It too downplayed the risk. "Our
investigation has shown an attack would require significant user interaction,"
the company said. " An attacker would need to convince a user to select
a non-default printing option and print a malicious web page in order for an
attack to be successful."

Though Raff's attack code has been posted
to the Millworm Web site, Microsoft says it's not heard of any attacks that
exploit this vulnerability.

    Add a comment

    Post a comment using one of these accounts
    Or join now
    At least 6 characters

    Note: Comment will appear soon after you have activated your account.
    Obscene/spam comments will be removed and accounts suspended.
    The information you submit is subject to our Privacy Policy and Terms of Service.

    ITworld LIVE

    SecurityWhite Papers & Webcasts

    White Paper

    Overcome Top 7 Admin Challenges of Active Directory

    As Active Directory's role in the enterprise has drastically increased, so has the need to secure the data. Gain insight on creating repeatable, enforceable processes that reduces administrative overhead and enables robust, customizable reporting and auditing capabilities. Brought to you by NetIQ.

    White Paper

    Insiders Can Ruin Your Company. Take Action.

    Did you know that 80 percent of threats to an organization come from the inside? The threat from insiders is often overlooked in organizations worldwide. This white paper from NetIQ, discusses key technology solutions that help to prevent and detect insider threats.

    White Paper

    Top Solutions and Tools to Prevent Devastating Malware

    Custom malware frequently goes undetected. According to Forrester Research, the best way to reduce risk of breach is to deploy file integrity monitoring (FIM) tools that provide immediate alerts. This white paper has been brought to you by NetIQ, the leader in solving complex IT challenges.

    White Paper

    Streamline Compliance and Increase ROI

    Streamline, simplify, and automate compliance related activities; especially those that impact multiple business units. This white paper from NetIQ, outlines solutions that will help your business gain the maximum return on investment possible while aligning your compliance programs.

    White Paper

    X-Ray of the PCI Process-4 Proactive Steps

    This white paper from Forrester Research Inc., helps break PCI into understandable components. Security and risk professionals will gain knowledge and insight into creating a compliant and secure IT environment. Follow these four proactive steps now before your next audit. Brought to you by NetIQ.

    See more White Papers | Webcasts

    Answers - Powered by ITworld

    ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

    Join Now

    New questions

    How much will the security flaws in Google Wallet set back the transition to "digital wallets"?
    1 answer
    What mobile apps are the worst offenders to user privacy?
    2 answers
    What are the main advantages/disadvantages of a hybrid cloud model vs. the public cloud?
    2 answers
    How do you bill for independent sales reps in a company IT contract?
    2 answers
    What would it take for you to allow a company to REALLY track all of your web use?
    2 answers
    View more questions

    Ask a question

    Join Now or Sign In to ask a question.
    Ask a Question