The PC Q&A Forum - The Computer Forum - topic #1118
Subject: "Microsoft Security Bulletin MS01-058 ..."
Scotterpops, Sat Dec-15-01 06:05 AM
Charter member, 4489 posts
"Microsoft Security Bulletin MS01-058 ..."

This is an important one folks.   There is a significant security problem with IE5.5 & 6 that I've been reading about for the last week or so.   Hopefully, this patch addresses that issue.   Here's a little more information:


Microsoft Security Bulletin MS01-058

13 December 2001 Cumulative Patch for IE


Summary
Who should read this bulletin:
Customers using Microsoft® Internet Explorer.

Impact of vulnerability: Run code of attacker’s choice.

Maximum Severity Rating: Critical

Recommendation: Customers using IE should install the patch immediately.

Affected Software:
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6.0

Technical description:
This is a cumulative patch that, when installed, eliminates all previously discussed security vulnerabilities affecting IE 5.5 and IE 6. In addition, it eliminates three newly discovered vulnerabilities.
  • The first vulnerability involves a flaw in the handling of the Content-Disposition and Content-Type header fields in an HTML stream. These fields, the hosting URL, and the hosted file data determine how a file is handled upon download in Internet Explorer. A security vulnerability exists because, if an attacker altered the HTML header information in a certain way, it could be possible to make IE believe that an executable file was actually a different type of file -- one that it is appropriate to simply open without asking the user for confirmation. This could enable the attacker to create a web page or HTML mail that, when opened, would automatically run an executable on the user's system. This vulnerability affects IE 6.0 only. It does not affect IE 5.5.
  • The second vulnerability is a newly discovered variant of the "Frame Domain Verification" vulnerability discussed in Microsoft Security Bulletin MS01-015. The vulnerability could enable a malicious web site operator to open two browser windows, one in the web site’s domain and the other on the user’s local file system, and to pass information from the latter to the former. This could enable the web site operator to read, but not change, any file on the user’s local computer that could be opened in a browser window. This vulnerability affects both IE 5.5 and 6.0.
  • The third vulnerability involves a flaw related to the display of file names in the File Download dialogue box. When a file download is initiated, a dialogue provides the name of the file. However, in some cases, it would be possible for an attacker to misrepresent the name of the file in the dialogue. This could be invoked from a web page or in an HTML email in an attempt to fool users into accepting unsafe file types from a trusted source. This vulnerability affects both IE 5.5 and 6.0.


Patch Availability:
Security Update, December 13, 2001


Read up and ... Enjoy!


;~* ... Scotterpops





;~* ... Scott Gilmore

  

BobGuy, Sat Dec-15-01 06:33 AM
Charter member, 2203 posts
#1. "RE: Microsoft Security Bulletin MS01-058 ..."
In response to Scotterpops (Reply # 0)


>>>Read up and ... Enjoy!

I sure am enjoying this, you have no idea how much!

Don't forget to post the "patch to the patch" when it comes out... most likely next week. LOL.

By the way, have you downloaded the latest virus definitions today?
Go ahead... I'll wait

BobGuy©
Disclaimer: No Micro$oft products were used in the creation of this reply.

  


Darren, Sat Dec-15-01 06:34 AM
Charter member, 9461 posts
#2. "RE: Microsoft Security Bulletin MS01-058 ..."
In response to Scotterpops (Reply # 0)

Thanks Scotter...I got it. Marti mentioned it earlier. Thanks Marti.

  


rhbowler, Sat Dec-15-01 06:46 AM
Charter member, 1482 posts
#3. "RE: Microsoft Security Bulletin MS01-058 ..."
In response to Scotterpops (Reply # 0)

Must be that brain tumor you were talkin about actin' up again Scotter, Marti posted it this morning. LOL.

http://www.pcnineoneone.com/dcforum/computer/29469.html


RussH






  

Scotterpops, Sat Dec-15-01 06:52 AM
Charter member, 4489 posts
#5. "RE: Microsoft Security Bulletin MS01-058 ..."
In response to rhbowler (Reply # 3)


Oops!   Sorry.   I didn't see her post.


;~* ... Scotterpops





;~* ... Scott Gilmore

  

McGee, Sat Dec-15-01 09:10 AM
Charter member, 2972 posts
#10. "RE: Microsoft Security Bulletin MS01-058 ..."
In response to Scotterpops (Reply # 5)


Scotter, don't feel bad. Marti posted the info quicker, but your post went into more detail. It also initiated conversation into exactly what can happen. Besides, with something like that, I would rather hear it twice than not at all.

McGee

  


Scotterpops, Sat Dec-15-01 06:51 AM
Charter member, 4489 posts
#4. "RE: Microsoft Security Bulletin MS01-058 ..."
In response to Scotterpops (Reply # 0)


In case any of you were wondering if it's important for you to install this patch, here is an example of why you might wish to do so.   I found this information at the DSL Reports Security forum.

The following link appears to be a link to a DOC file.   Using IE5.5 or 6, hold your mouse over the link for a moment and look at your Status bar.   See the full URL?   See that it seems to indicate that it points to a DOC?   Try clicking the link (it's actually calc.exe, the Windows calculator program -- harmless, so don't worry).   Once you've patched your computer, try it again.   See the difference?   Once patched, the download dialog box tells you that it is an executable, not a DOC.

http://208.212.86.151/test.doc

Think of the significance of this.


;~* ... Scotterpops





;~* ... Scott Gilmore

  

Chickenman, Sat Dec-15-01 08:19 AM
Charter member, 4618 posts
#6. "RE: Microsoft Security Bulletin MS01-058 ..."
In response to Scotterpops (Reply # 4)


Holy s**t!!!

  

Scotterpops, Sat Dec-15-01 08:31 AM
Charter member, 4489 posts
#7. "RE: Microsoft Security Bulletin MS01-058 ..."
In response to Chickenman (Reply # 6)


I couldn't have said it better myself.


;~* ... Scotterpops





;~* ... Scott Gilmore

  

WhitPhil, Sat Dec-15-01 09:01 AM
Charter member, 965 posts
#8. "RE: Microsoft Security Bulletin MS01-058 ..."
In response to Scotterpops (Reply # 4)


"it's actually calc.exe, the Windows calculator program "

It IS Calc.exe, BUT it is NOT the Windows calculator program. It's an app appropriately named ScaryApp, that "seems" innocuous.

  

JP, Sat Dec-15-01 09:05 AM
Charter member, 9570 posts
#9. "RE: Microsoft Security Bulletin MS01-058 ..."
In response to Scotterpops (Reply # 4)


Well, this is an interesting turn of events here Scotterpops

Working in XP Pro, I clicked on that link and got a fresh browser window that says:

You are downloading the file:
test.doc from 208.212.86.151


With the normal stuff to open, save, or whatever. Nice little touch to XP Pro, that would stop me from proceeding on what appears to be a harmless link. Still, it's the user who decides though.

JP

  

WhitPhil, Sat Dec-15-01 09:13 AM
Charter member, 965 posts
#11. "RE: Microsoft Security Bulletin MS01-058 ..."
In response to JP (Reply # 9)


A similar thing happens with IE5.01.

If you do the save, you should get a CALC.exe file and similarly, if you select Open, the EXE will eventually run. After selecting Open, I received a similar window, except with Calc.exe showing and RUN as an option. Selecting Run resulted in a Security Warning about the Authenticode signature missing. Selecting OK results in the program running.

  

Scotterpops, Sat Dec-15-01 09:34 AM
Charter member, 4489 posts
#12. "RE: Microsoft Security Bulletin MS01-058 ..."
In response to WhitPhil (Reply # 11)


Hmmm, my installations of IE5.01 show CALC.EXE as the file being downloaded, not the rogue DOC file.   Have you been keeping your IE5.01 up to date with the recommended patches?   This patch updates several previous patches for IE (MS00-033, MS00-055, MS00-093 and MS01-015).


;~* ... Scotterpops





;~* ... Scott Gilmore

  

WhitPhil, Sat Dec-15-01 07:47 PM
Charter member, 965 posts
#14. "RE: Microsoft Security Bulletin MS01-058 ..."
In response to Scotterpops (Reply # 12)


If you select Save as, the Calc.exe is saved. Correct.

BUT, if you select OPEN, you get the sequence as I indicated above.

  

BobGuy, Sat Dec-15-01 09:54 AM
Charter member, 2203 posts
#13. "RE: Microsoft Security Bulletin MS01-058 ..."
In response to WhitPhil (Reply # 11)


Thanks for that test link, Scotterpops; it sure was fun playing with it.



The diagnostic is: if you're using Konqueror the web browser, it's no problem.

Although I wonder what "application/octet-stream" has to do with a calculator.

Looks like GNU/Linux really is Micro$oft hostile after all.

BobGuy©
Disclaimer: No Micro$oft products were used in the creation of this reply.
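The bulletin's first and third vulnerabilities in the opening post, and the test-link observations in replies #4 and #13 (a URL ending in .doc, a server answering with application/octet-stream, and a download that turns out to be an executable), all come down to one thing: the URL, the response headers and the file data can each tell a different story about what a download is. The following is an added example, not code from this thread or from Microsoft, of the consistency check a download proxy or mail gateway could apply before handing a file to a user. It sniffs the body's magic bytes, parses the Content-Disposition filename, compares both against the URL, and lets the most dangerous interpretation win, so no header can downgrade an executable to a "document". The sample responses are constructed; the Content-Disposition header on the first one is an assumption about how such a server might name the file, since the thread does not show the actual response.

```python
"""
Added example (not from the forum post or Microsoft's bulletin): a defensive
consistency check over the three signals a browser reconciles on download,
the URL, the Content-Type / Content-Disposition headers, and the file data.
All sample responses are constructed for this example.
"""
from __future__ import annotations

import posixpath
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# File-type signatures (magic bytes) used to sniff the body independently
# of anything the server claims about it.
MAGIC = (
    (b"MZ", "exe"),                                # DOS/PE executable
    (b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "doc"),  # OLE2 compound file (legacy .doc/.xls)
    (b"%PDF", "pdf"),
    (b"PK\x03\x04", "zip"),                        # also .docx and other OOXML
)

# Extensions Windows would execute rather than open in a viewer.
EXECUTABLE_EXTS = {"exe", "com", "bat", "cmd", "scr", "pif", "vbs", "js", "hta"}
# Media types that explicitly claim an executable payload.
EXECUTABLE_TYPES = {"application/x-msdownload", "application/x-msdos-program"}
# Media types that claim a harmless document.
DOCUMENT_TYPES = {"application/msword", "application/pdf", "text/plain"}


@dataclass
class DownloadVerdict:
    url_name: str
    declared_name: str | None   # filename from Content-Disposition, if any
    content_type: str | None
    sniffed_kind: str | None    # what the magic bytes say
    executable: bool            # how the gateway should treat the file
    reasons: list[str] = field(default_factory=list)


def _ext(name: str | None) -> str | None:
    if not name:
        return None
    _, dot, ext = name.rpartition(".")
    return ext.lower() if dot else None


def _disposition_filename(value: str | None) -> str | None:
    """Pull filename= out of a Content-Disposition value; only the base name
    is kept so path components cannot be smuggled in."""
    if not value:
        return None
    for part in value.split(";")[1:]:
        key, _, val = part.strip().partition("=")
        if key.strip().lower() == "filename":
            return posixpath.basename(val.strip().strip('"').replace("\\", "/"))
    return None


def _sniff(body: bytes) -> str | None:
    for sig, kind in MAGIC:
        if body.startswith(sig):
            return kind
    return None


def inspect_download(url: str, headers: dict[str, str], body: bytes) -> DownloadVerdict:
    hdrs = {k.lower(): v for k, v in headers.items()}
    ctype = hdrs.get("content-type", "").split(";")[0].strip().lower() or None
    url_name = posixpath.basename(urlsplit(url).path)
    declared_name = _disposition_filename(hdrs.get("content-disposition"))
    url_ext, declared_ext = _ext(url_name), _ext(declared_name)
    sniffed = _sniff(body)

    reasons: list[str] = []
    if declared_name and declared_ext != url_ext:
        reasons.append(f"Content-Disposition names {declared_name!r} but URL ends in {url_name!r}")
    if sniffed == "exe" and url_ext not in EXECUTABLE_EXTS:
        reasons.append(f"body is a PE/DOS executable but URL extension is {url_ext!r}")
    if sniffed == "exe" and ctype in DOCUMENT_TYPES:
        reasons.append(f"body is an executable but Content-Type claims {ctype!r}")

    # Most dangerous interpretation wins: any one signal saying "executable"
    # makes the whole download an executable, whatever the others claim.
    executable = (
        sniffed == "exe"
        or url_ext in EXECUTABLE_EXTS
        or declared_ext in EXECUTABLE_EXTS
        or ctype in EXECUTABLE_TYPES
    )
    return DownloadVerdict(url_name, declared_name, ctype, sniffed, executable, reasons)


# Constructed samples. The first mirrors the thread's test link: a .doc URL,
# application/octet-stream from the server, and a PE body. Its
# Content-Disposition header is an assumption, not taken from the thread.
SAMPLES = [
    ("http://208.212.86.151/test.doc",
     {"Content-Type": "application/octet-stream",
      "Content-Disposition": 'attachment; filename="calc.exe"'},
     b"MZ\x90\x00\x03\x00\x00\x00" + b"\x00" * 56),
    ("http://example.invalid/report.doc",          # consistent, genuine document
     {"Content-Type": "application/msword"},
     b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 56),
    ("http://example.invalid/notes.doc",           # headers lie, body is PE
     {"Content-Type": "application/msword"},
     b"MZ" + b"\x00" * 62),
]


def run_samples() -> list[DownloadVerdict]:
    return [inspect_download(u, h, b) for u, h, b in SAMPLES]


if __name__ == "__main__":
    for v in run_samples():
        status = "EXECUTABLE" if v.executable else "document"
        print(f"{v.url_name}: treat as {status}; {'; '.join(v.reasons) or 'signals consistent'}")
```

The point of the `executable` rule is the one the patched IE behaviour in the thread illustrates: after patching, the download dialog reports the executable regardless of what the URL suggested. A gateway that ranks the signals the same way, and logs the `reasons` list whenever they disagree, both blocks the downgrade and leaves a record of who is serving executables under document names.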

  


Powered by DCForum+ Version 1.27
Copyright 1997-2003 DCScripts.com