IE hole could be used to open 'back door'
By Joris Evers
(IDG) -- An attacker could trick a user of Microsoft Corp.'s Internet Explorer (IE) Web browser into downloading and running a malicious program by disguising it as an innocent file, a Finnish security company has warned.
The file name as it appears in the IE file download dialog box can be faked by using certain URLs (Uniform Resource Locators) and HTTP (HyperText Transport Protocol) headers on a Web page, making the user think he is opening a media file when in fact he is installing a "back door" on his PC, according to Oy Online Solutions Ltd. A back door is a program that can be used by hackers to enter a user's PC.
IE won't show the warnings it typically displays when a program file is downloaded or opened, because the .exe file extension may have been hidden or replaced with another such as .txt or .htm. The file is run without any warnings because IE, just as the user, thinks it is a harmless file, Oy Online Solutions said.
Details of the vulnerability were first released on the Bugtraq mailing list in late November. Microsoft at the time did not consider it a flaw, but will now release a patch, Jyrki Salmi, managing director of the Finnish Internet security company, said on Thursday.
"Microsoft has forwarded us the initial patch. It appears to be working and should be available next week," he said.
Salmi declined to say why Microsoft changed its mind. It has been suggested that the vulnerability could be exploited to automatically download and run programs on a user's PC, without even showing a faked file name in a dialog box. Salmi wouldn't confirm or deny this, saying only that it would become clear when the patch is released.
Affected are IE 5.0, 5.5 and 6, according to Salmi. Users are advised to disable file downloading or be very cautions about downloading files until the patch becomes available, said Salmi.
In general, users should be careful when downloading files from untrusted Web sites, Salmi said, adding that a trusted site could be hacked and thus dangerous as well.
Besides back doors, the vulnerability could also be exploited to install tools used in distributed denial of service (DDoS) attacks, format hard disks, or spread viruses, the Finnish security company said.
Guninski finds another hole in MS Exchange security
March 29, 2001
New security hole found in Microsoft Internet Explorer
November 23, 2000
RELATED IDG.net STORIES:
Gokar worm spreads by e-mail, Web, chat
Hole found in login function of Sun, IBM Unix
WorldCom network security hole fixed with help of hacker
MS warns of another hole in Outlook Web Access
Security hole in IE reveals data in cookies
Industry group wants software holes kept mum
Microsoft's digital rights management hacked
Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.
TECHNOLOGY TOP STORIES:
Report: SUVs pose danger to cars
New telemarketer tool trumps TeleZapper
Terra Lycos logs $2.2B loss
AOL to offer song downloads
Microsoft seeks fiscal fountain of youth
|Back to the top|