Outpost 個人防火牆 - File Download Dialog Box Manipulation Vulnerability in Internet Explorer

Agnitum Security Advisories

ASA-12-0512-4: ASA-13-0512-3: File Download Dialog Box Manipulation Vulnerability in Internet Explorer

Vulnerability summary:

Vulnerability details:

Tech brief:

Remote code execution vulnerability exists in how Microsoft Internet Explorer handles commands from a user when the file download dialog box is active. According to the Microsoft's report, an attacker could construct a malicious website and persuade people to visit it. There, when the file download box has appeared, a user may unknowingly select the wrong button or double-click on the wrong element within a page when a normal dialog window is substituted with a fake field. In a typical attack, custom download window would appear on the foreground, while the visitor would see objects in the background and unwittingly perform the wrong action.

This vulnerability enables an attacker to execute code on the target system with elevated privileges. In order to exploit the vulnerability, an attacker would have to get people to visit the site by sending forged email or by displaying an inciting banner that lures people in. After that, an attacker would have to create a special dialog window that would trick visitors into selecting the wrong command, leading to execution of arbitrary code on the affected system. The vulnerability is limited due to high degree of user intervention needed to successfully exploit it.

Vendor reference information:

Vendor details pertaining to the problem are available here:
http://www.microsoft.com/technet/security/bulletin/MS05-054.mspx

General Mitigating Recommendations:

Install latest vendor patches available at http://windowsupdate.microsoft.com.

Do not visit doubtful sites or at least limit what executable content can be run on those murky sites.

Know how to identify Internet hoaxes and do not react to them. Try reporting cases to appropriate authorities.

Try using alternate browser such as Firefox or Opera.

How Outpost Firewall PRO protects you:

Real-time spyware protection prevents spyware infestation.

Outpost protects the user's system from unauthorized access and intrusions, and alerts users when malicious code attempts to execute or access the network.

Disclaimer:

Information in the present advisory is believed to be accurate as to the time of publishing based on currently available information. Use of the information signifies acceptance for use in an AS IS condition. There are no warranties with regard to this information. Agnitum Ltd. doesn't accept any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.

關於Version 2 Limited

Version 2 Limited 是亞洲其中一間最有活力的IT公司，公司發展及代理各種不同的互聯網及IP-Based 網絡IT產品，當中包括通訊系統、保安、網絡及媒體產品。透過公司龐大的網絡、銷售點、分銷商及合作顆伴，Version 2 Limited 便可提供廣被市場讚賞的產品及服務。Version 2 Limited 客戶來自各行各業，包括全球1000大跨國企業、上市公司、公用機構、政府部門、無數成功的中小企及來自亞洲各城市的客戶。

如對產品有興趣，可瀏覽以下網址:
http://www.version-2.com/op
http://www.version-2.com/nod32op