Executive Summary
Summary | |
---|---|
Title | Vulnerability in Internet Explorer Could Allow Information Disclosure |
Information | |||
---|---|---|---|
Name | KB980088 | First vendor Publication | 2010-02-03 |
Vendor | Microsoft | Last vendor Modification | 2010-06-09 |
Severity (Vendor) | N/A | Revision | 1.0 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Microsoft is investigating a publicly reported vulnerability in Internet Explorer for customers running Windows XP or who have disabled Internet Explorer Protected Mode. This advisory contains information about which versions of Internet Explorer are vulnerable as well as workarounds and mitigations for this issue.
Our investigation so far has shown that if a user is using a version of Internet Explorer that is not running in Protected Mode, an attacker may be able to access files with an already known filename and location. These versions include Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4; Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4; and Internet Explorer 6, Internet Explorer 7, and Internet Explorer 8 on supported editions of Windows XP Service Pack 2, Windows XP Service Pack 3, and Windows Server 2003 Service Pack 2. Protected Mode prevents exploitation of this vulnerability and is running by default for versions of Internet Explorer on Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008.
The vulnerability exists due to content being forced to render incorrectly from local files in such a way that information can be exposed to malicious websites. Microsoft has released MS10-035 to address the known vector for the main issue in Internet Explorer 7 and Internet Explorer 8, which are the newer versions of Internet Explorer. However, all versions of Internet Explorer remain subject to an issue that, if an attacker is able to cache content in a predictable location on a user's system, and is able to determine the user name, then the attacker may be able to view files on the local system to which the user has access.
At this time, we are unaware of any attacks attempting to use this vulnerability. We will continue to monitor the threat environment and update this advisory if this situation changes.
On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs. We are actively working with partners in our Microsoft Active Protections Program (MAPP) and our Microsoft Security Response Alliance (MSRA) programs to provide information that they can use to provide broader protections to customers. In addition, we are actively working with partners to monitor the threat landscape and take action against malicious sites that attempt to exploit this vulnerability. Microsoft continues to encourage customers to follow the "Protect Your Computer" guidance of enabling a firewall, applying all software updates and installing anti-virus and anti-spyware software. Additional information can be found at Security at home.
Mitigating Factors:
General Information
Overview
Purpose of Advisory: To provide customers with initial notification of the publicly disclosed vulnerability. For more information see the Mitigating Factors, Workarounds, and Suggested Actions sections of this security advisory.
Advisory Status: The issue is currently under investigation.
Recommendation: Review the suggested actions and configure as appropriate.
This advisory discusses the following software.
Frequently Asked Questions
What is the scope of the advisory?
Is this a security vulnerability that requires Microsoft to issue a security update?
How could an attacker exploit this vulnerability?
How does Protected Mode in Internet Explorer on Windows Vista and later protect me from this vulnerability?
I am using Windows XP or have turned off Protected Mode. Are there any mitigations I can implement to protect against this issue?
What does the Internet Explorer Network Protocol Lockdown FixIt in the Workarounds section do?
Is it true that an attacker exploiting this vulnerability can view a victim's hard drive?
How might an attacker use this?
What about the concern that an attacker could view a user's files and other information?
Suggested Actions
Workarounds
Microsoft has tested the following workarounds. Although these workarounds will not correct the underlying vulnerability, they help block known attack vectors. When a workaround reduces functionality, it is identified in the following section.
Set Internet and Local intranet security zone settings to "High" to prompt before running ActiveX Controls and Active Scripting in these zones
You can help protect against exploitation of this vulnerability by changing your settings for the Internet security zone to prompt before running ActiveX controls and Active Scripting. You can do this by setting your browser security to High. To raise the browsing security level in Internet Explorer, follow these steps:
Note If no slider is visible, click Default Level, and then move the slider to High.
Note Setting the level to High may cause some Web sites to work incorrectly. If you have difficulty using a Web site after you change this setting, and you are sure the site is safe to use, you can add that site to your list of trusted sites. This will allow the site to work correctly even with the security setting set to High.
Impact of workaround. There are side effects to prompting before running ActiveX Controls and Active Scripting. Many Web sites that are on the Internet or on an intranet use ActiveX or Active Scripting to provide additional functionality. For example, an online e-commerce site or banking site may use ActiveX Controls to provide menus, ordering forms, or even account statements. Prompting before running ActiveX Controls or Active Scripting is a global setting that affects all Internet and intranet sites. You will be prompted frequently when you enable this workaround. For each prompt, if you feel you trust the site that you are visiting, click Yes to run ActiveX Controls or Active Scripting. If you do not want to be prompted for all these sites, use the steps outlined in "Add sites that you trust to the Internet Explorer Trusted sites zone".
Add sites that you trust to the Internet Explorer Trusted sites zone
After you set Internet Explorer to require a prompt before it runs ActiveX controls and Active Scripting in the Internet zone and in the Local intranet zone, you can add sites that you trust to the Internet Explorer Trusted sites zone. This will allow you to continue to use trusted Web sites exactly as you do today, while helping to protect you from this attack on untrusted sites. We recommend that you add only sites that you trust to the Trusted sites zone. To do this, follow these steps:
Note Add any sites that you trust not to take malicious action on your system. Two in particular that you may want to add are *.windowsupdate.microsoft.com and *.update.microsoft.com. These are the sites that will host the update, and it requires an ActiveX Control to install the update.
Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone
You can help protect against exploitation of this vulnerability by changing your settings to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone. To do this, follow these steps:
Note Disabling Active Scripting in the Internet and Local intranet security zones may cause some Web sites to work incorrectly. If you have difficulty using a Web site after you change this setting, and you are sure the site is safe to use, you can add that site to your list of trusted sites. This will allow the site to work correctly.
Impact of workaround. There are side effects to prompting before running Active Scripting. Many Web sites that are on the Internet or on an intranet use Active Scripting to provide additional functionality. For example, an online e-commerce site or banking site may use Active Scripting to provide menus, ordering forms, or even account statements. Prompting before running Active Scripting is a global setting that affects all Internet and intranet sites. You will be prompted frequently when you enable this workaround. For each prompt, if you feel you trust the site that you are visiting, click Yes to run Active Scripting. If you do not want to be prompted for all these sites, use the steps outlined in "Add sites that you trust to the Internet Explorer Trusted sites zone".
Add sites that you trust to the Internet Explorer Trusted sites zone
After you set Internet Explorer to require a prompt before it runs ActiveX controls and Active Scripting in the Internet zone and in the Local intranet zone, you can add sites that you trust to the Internet Explorer Trusted sites zone. This will allow you to continue to use trusted Web sites exactly as you do today, while helping to protect you from this attack on untrusted sites. We recommend that you add only sites that you trust to the Trusted sites zone. To do this, follow these steps:
Note Add any sites that you trust not to take malicious action on your system. Two in particular that you may want to add are *.windowsupdate.microsoft.com and *.update.microsoft.com. These are the sites that will host the update, and it requires an ActiveX Control to install the update.
Enable Internet Explorer Network Protocol Lockdown for Windows XP or systems with Protected Mode disabled
Warning If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.
To lock down the file protocol, paste the following text in a text editor such as Notepad. Then, save the file by using the .reg file name extension.
You can apply this .reg file to individual systems by double-clicking it. You can also apply it across domains by using Group Policy. For more information about Group Policy, visit the following Microsoft Web sites:
You can apply this .reg file to individual systems by double-clicking it. You can also apply it across domains by using Group Policy.
How to undo the workaround. To reverse this workaround, paste the following text in a text editor such as Notepad. Then, save the file by using the .reg file name extension.
Enable Internet Explorer Network Protocol Lockdown using automated Microsoft Fix It
See Microsoft Knowledge Base Article 980088 to use the automated Microsoft Fix it solution to enable or disable this workaround.
Impact of workaround. HTML content from UNC paths in the Internet / Local Intranet / Restricted zones will no longer automatically run script or ActiveX controls.
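To confirm that the Active Scripting and ActiveX workarounds described above are actually in effect on a machine, the zone settings can be read back from the registry. The PowerShell below is an added example, not part of Microsoft's advisory; the zone numbers (1, 3), URL action IDs (1200, 1400), value meanings and the lookup order across policy and per-user keys are the standard Internet Explorer conventions and are assumptions here, since this page does not list them.

```powershell
# Added example: report how the Local intranet and Internet zones handle
# ActiveX and Active Scripting. IDs and value meanings are standard Internet
# Explorer conventions (assumed), not values quoted from the advisory.
$zones   = @{ 1 = 'Local intranet'; 3 = 'Internet' }
$actions = @{ '1200' = 'Run ActiveX controls and plug-ins'; '1400' = 'Active Scripting' }
$states  = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Policy locations come first: when present they take priority over the
# per-user setting chosen in the Internet Options dialog (assumed order).
$hives = @(
    'HKLM:\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKCU:\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
)

function Get-ZoneActionState {
    param([int]$Zone, [string]$Action)
    foreach ($hive in $hives) {
        $key  = "$hive\$Zone"
        $item = Get-ItemProperty -Path $key -Name $Action -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            return [pscustomobject]@{ Source = $key; Value = [int]$item.$Action }
        }
    }
    return $null   # not set in any checked key: the zone's template default applies
}

$report = foreach ($z in ($zones.Keys | Sort-Object)) {
    foreach ($a in ($actions.Keys | Sort-Object)) {
        $hit = Get-ZoneActionState -Zone $z -Action $a
        $state = if (-not $hit) { 'Not set' }
                 elseif ($states.ContainsKey($hit.Value)) { $states[$hit.Value] }
                 else { "Other ($($hit.Value))" }
        [pscustomobject]@{
            Zone      = $zones[$z]
            Action    = $actions[$a]
            State     = $state
            Mitigated = $state -in 'Prompt', 'Disable'   # matches the workaround
            Source    = if ($hit) { $hit.Source } else { '-' }
        }
    }
}
$report | Format-Table -AutoSize
```

A row with `Mitigated` set to False means that zone still runs the content without prompting for the current user.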
Original Source
Url : http://www.microsoft.com/technet/security/advisory/980088.mspx |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:7145 | |||
Oval ID: | oval:org.mitre.oval:def:7145 | ||
Title: | Cross-Domain Information Disclosure Vulnerability (CVE-2010-0255) | ||
Description: | Microsoft Internet Explorer 5.01 SP4, 6, 6 SP1, 7, and 8 does not prevent rendering of non-HTML local files as HTML documents, which allows remote attackers to bypass intended access restrictions and read arbitrary files via vectors involving JavaScript exploit code that constructs a reference to a file://127.0.0.1 URL, aka the dynamic OBJECT tag vulnerability, as demonstrated by obtaining the data from an index.dat file, a variant of CVE-2009-1140 and related to CVE-2008-1448. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2010-0255 | Version: | 11 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Vista Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows 7 | Product(s): | Microsoft Internet Explorer 7 Microsoft Internet Explorer 8 |
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2010-06-09 | Name : Microsoft Internet Explorer Multiple Vulnerabilities (982381) File : nvt/secpod_ms10-035.nasl |
2010-02-08 | Name : Microsoft Internet Explorer Information Disclosure Vulnerability (980088) File : nvt/gb_ms_ie_npl_info_disc_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
62157 | Microsoft IE text/html Content Type URLMON Sniffing Arbitrary File Access |
62156 | Microsoft IE Dynamic OBJECT Tag Cross-domain Arbitrary File Access |
Snort® IPS/IDS
Date | Description |
---|---|
2014-01-10 | Microsoft Internet Explorer security zone restriction bypass attempt RuleID : 16637 - Revision : 12 - Type : BROWSER-IE |
2014-01-10 | Microsoft Internet Explorer 7/8 execute local file in Internet zone redirect ... RuleID : 16423 - Revision : 14 - Type : BROWSER-IE |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2010-06-09 | Name : Arbitrary code can be executed on the remote host through a web browser. File : smb_nt_ms10-035.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-01-19 21:29:42 |
|
2013-05-11 00:46:48 |
|