20100204

Problem ID: 8263154626324398556
Entered by: Ben Simo

Is your computer a public file server?

"A successful compromise will result in an attacker being able
to blindly read every single file in the local drive"

- Jorge Luis Alvarez Medina, CORE Security Technologies


"Our investigation so far has shown that if a user is using a version of Internet Explorer that is not running in Protected Mode an attacker may be able to access files with an already known filename and location."




More:



Microsoft Warns of Another IE Bug
ChannelWeb
An attacker could then break into a user's machine to access data stored on a remote hard drive, if they knew the exact file name and location.


Nasty new IE bug exposes your files (please panic now!)
Richi Jennings, ComputerWorld Blogs
Microsoft has confirmed a thoroughly revolting vulnerability in all versions of Internet Explorer. It means that bad guys can read your files remotely.


Microsoft responds to Black Hat talk with IE bug advisory
SC Magazine
The software giant admitted to the vulnerability after researchers at Core Security Technologies, provider of penetration testing software, revealed the issue during a presentation this week at the Black Hat conference in Washington, D.C.



Abusing Insecure Features of Internet Explorer
Jorge Luis Alvarez Medina, Core Labs
Design features of Internet Explorer that entail low security risk if considered individually but can lead to interesting attack vectors when combined together.


1 Comment:

February 4, 2010 at 11:00 PM  
Comment ID: 6024396494626716837
Written by: Ben Simo

A workaround?

http://support.microsoft.com/kb/980088
