Explanation of the IE IFRAME Vulnerability

In this issue, The Locksmith discloses details of the extremely dangerous new IE IFRAME vulnerability.

A dangerous new vulnerability targeting IE 6.0 has been exposed, and the method of exploiting it has also been made public. However, for now it can only be said that the vulnerability may cause less damage. There is no complete protection method yet.

Details
US-CERT recently released a vulnerability report, VU#842160, which covers the recently discovered IE 6.0 vulnerability. The vulnerability is related to boundary errors that can occur when the browser processes the <FRAME> and <IFRAME> HTML tags. The problem is very serious because remote attackers can run arbitrary code on a system affected by the vulnerability. At the same time, the vulnerability had already come up in some hacker chat logs before the security companies reported it.

US-CERT described the issue as follows: a buffer overflow vulnerability exists in the way IE processes the SRC and NAME attributes of FRAME and IFRAME elements. The published exploit code uses JavaScript to accumulate data blocks consisting of NOPs and shell code in memory. After long SRC and NAME attributes are processed, IE mishandles the memory address and overflows into one of the previously prepared stack blocks, then executes the NOPs and the attacker's shell code. Without the ability to prepare the stack blocks in advance, the attack is very difficult to carry out.

A Microsoft spokesman said in a response to my question: "Microsoft is studying possible new Internet Explorer vulnerabilities. We have not found any incidents of exploiting the reported vulnerabilities, nor have consumers been affected, but we will pay close attention to this report."

"Microsoft will take appropriate measures to protect our consumers, possibly by releasing monthly patches or providing unconventional security upgrades, depending on the needs of consumers."

The Redmond software company also expressed concern over this irresponsible way of disclosing vulnerability information instead of notifying Microsoft in private: "This method usually puts computer users at risk. We will continue to encourage disclosure of the vulnerability. We believe that directly exploiting vulnerabilities to enterprises will help consumers obtain comprehensive and high-quality upgrade services for security vulnerabilities, without exposing them to the threat of malicious attackers when enterprises are developing patches."

Only after the vulnerability information had been sent to the hacker community was the vulnerability reported by AUS-CERT (the Australian CERT), US-CERT, and Secunia. Therefore, it is wise to first notify the software manufacturer of the vulnerability information. Once related vulnerability events are exposed on the Internet, many users will feel that the issue is very important, and security websites will publish the news as soon as possible so that IT professionals can take the necessary preventive measures.

Microsoft ended its reply to my question with the following words: "If consumers suspect they have been infected, they can contact Product Support Services. North American users can use the PC Safety Hotline (1-866-PCSAFETY) for free to seek help on security upgrades or virus problems; international users can use the contact information listed at http://support.microsoft.com."

Applicability
Secunia also reported that the vulnerability was found in IE 6.0 running on Windows 2000 and Windows XP (even XP with Service Pack 1 installed). However, Secunia (and US-CERT) also reported that XP SP2 is not threatened.

US-CERT also warned that the same vulnerability may exist in other applications that host the WebBrowser ActiveX control, such as Microsoft Outlook, Outlook Express, AOL, and Lotus Notes.

AUS-CERT confirms that XP SP2 is not threatened by this vulnerability. But AUS-CERT also warned that XP SP2 may in the future be affected by more sophisticated attacks against the same vulnerability.

Threat level: from extremely serious to extremely dangerous
Secunia rated this vulnerability as "extremely critical". The vulnerability may cause Internet Explorer to crash and allow attackers to execute arbitrary code on the system. Anti-virus software does not seem to be able to prevent such threats.

Mitigation
Windows XP with SP2 installed is obviously not affected. Therefore, installing SP2 on Windows XP avoids this vulnerability.

Attackers may draw users to a malicious site or lure them into opening an HTML email. System administrators need to stress to users that they should be highly vigilant against both attack methods.

Completely solved, or only partly?
According to the Secunia and US-CERT reports, there is no complete solution to this problem. But obviously, opening email in plain-text mode can eliminate the major threats. You can also disable Active Scripting and upgrade Windows XP to SP2. AUS-CERT also recommends using another Web browser as a solution.

Conclusion
This report does make me feel that I had completely cleared a hard disk two weeks ago and installed Windows XP Pro with SP2 patches. This is my main operating system before SP2 is infected. (So far, everything is fine. Although I know many people are in trouble, the vulnerability does not pose a substantial threat to SP2.)
