IE5 for UNIX is open to numerous security holes
------------------------------------------------------------------------

SUMMARY

<http://www.microsoft.com/unix/ie/default.asp> Internet Explorer 5 and Outlook Express are available on both Solaris and HP-UX, but although numerous security patches (service packs and hotfixes) have been released for Internet Explorer 5.0 for Windows, no similar patches have been made available for UNIX. This does not mean the UNIX versions are not vulnerable, but rather that Microsoft has neglected to patch them. The result is that IE for UNIX is vulnerable to most of the recent Internet Explorer security holes, with no means to fix these problems.

DETAILS

Listed here are the vulnerabilities that were confirmed on IE5 for UNIX. Note that in the exploit code, the file "c:\test.txt" was replaced with "/tmp/test.txt". The substitution also worked with "/etc/passwd".

Title: Microsoft Internet Explorer and Outlook/Outlook Express Remote File Write Vulnerability
Result: Locks up all running instances of IE, must be manually killed.

Title: <http://www.securiteam.com/windowsntfocus/IE_5_Cross-frame_security_vulnerability_using_IFRAME_and_WebBrowser_control.html>
       Microsoft IE NavigateComplete2 Cross Frame Access Vulnerability
Result: same result as Win32.

Title: <http://www.securiteam.com/exploits/IE_is_still_vulnerable_to_Cross-frame_security_when_Javascript_is_enabled.html>
       MS IE 5.01 JSObject Cross-Frame Vulnerability
Result: same result as Win32.

Title: <http://www.securiteam.com/exploits/Internet_Explorer_s_cross-frame_vulnerability__NavigateAndFind_.html>
       Microsoft IE external.NavigateAndFind() Cross-Frame Vulnerability
Result: same result as Win32.

Title: <http://www.securiteam.com/windowsntfocus/Internet_Explorer_5_0_is_vulnerable_to_XML_HTTP_redirect.html>
       Microsoft IE5 XML HTTP Redirect Vulnerability
Result: Causes "Internal Error" (crash)

Title: <http://www.securiteam.com/windowsntfocus/Internet_Explorer_vulnerable_to_a__JavaScript_redirect__bug_that_allows_reading_of_local_files.html>
       Microsoft IE5 JavaScript URL Redirection Vulnerability
Result: same result as Win32.

Title: <http://www.securiteam.com/exploits/Cross_Site_Scripting_exploit_code_released__Internet_Explorer_.html>
       Microsoft IE5 IFRAME Vulnerability
Result: same result as Win32.

--
Eko Sulistiono
MIKRODATA & AntiVirus Media
Web: http://www.mikrodata.co.id/
WAP: http://www.mikrodata.co.id/wap/index.wml
