IE attack code released after 'treasure hunt'
One week after hiding
Internet Explorer attack code on his Web site, security researcher Aviv
Raff has posted details on how to launch the attack.
The bug lies in the "Print Table of Links" feature, which lets IE
users print out a Web page along with a list of all the links on the page tacked
onto the end. Raff discovered that if an attacker added special scripting code
to a Web page, he could then run unauthorized software on the PCs of IE users
who printed using this feature.
The flaw affects IE 7 and IE 8, Raff said. Security vendor Secunia said that
the bug also affects IE 6.
Because the hack requires that the user be tricked into following so many steps
-- not only visiting a Web page, but then printing a page with this feature
selected -- Secunia has
rated it as a "less critical."
Raff said that the flaw could be a more serious issue if hackers were to add
the code to Web pages that were frequently printed out, such as those on Wikipedia.
The bug has not been patched by Microsoft, which was notified of the issue
just last week.
Raff disclosed the flaw in an unusual way, embedding it in his own Web site
and then inviting other hackers to come and find it. He called this a "treasure
hunt."
The Israeli hacker said that the treasure hunt idea came from a local custom
of playing such games during Israel's Independence Day. The contest
was won Tuesday by someone calling himself "George the Greek."
Microsoft didn't get much time to fix the vulnerability, but Raff said he didn't
feel that Microsoft would address the issue quickly unless he went public with
the vulnerability.
When he has followed Microsoft's responsible disclosure guidelines in the past,
the company has been too slow to fix bugs, he said.
Microsoft is thinking about putting a fix for the problem in an upcoming security
update, the company said in a statement. It too downplayed the risk. "Our
investigation has shown an attack would require significant user interaction,"
the company said. " An attacker would need to convince a user to select
a non-default printing option and print a malicious web page in order for an
attack to be successful."
Though Raff's attack code has been posted
to the Millworm Web site, Microsoft says it's not heard of any attacks that
exploit this vulnerability.
IDG News Service
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
