Zero-day flaw haunts Internet Explorer


An unpatched cross-domain vulnerability in Microsoft's flagship Internet Explorer browser could expose Windows users to cookie hijacks and credentials theft attacks, according to a warning from security researchers.

The zero-day flaw, which has been reported to Microsoft, is a variation of Eduardo Vela's IE Ghost Busters talk:

Do you believe in ghosts? Imagine an invisible script that silently follows you while you surf, even after changing the URL 1,000 times and you are feeling completely safe. Now imagine that the ghost is able to see everything you do, including what you are surfing and what you are typing (passwords included), and even guess your next move.

No downloading required, no user confirmation, no ActiveX. In other words: no strings attached. We will examine the power of a resident script and the power of a global cross-domain. Also, we will go through the steps of how to find cross-domains and resident scripts.

Details of the new variation have been posted online by the Ph4nt0m Security Team (translation here).

It affects Internet Explorer 6 on Windows XP SP2 and SP3. The new IE 7 browser is not affected because Microsoft changed the way JavaScript protocol URLs are handled to prevent these types of attacks.

Security researcher Aviv Raff has created a test page that confirms the attack vector in IE 6. This screenshot shows a script loaded in one domain (raffon.net) showing a cookie of a different domain (google.com):


In the absence of a patch, IE users are strongly encouraged to upgrade to IE 7. Or, as always, consider using an alternative browser.

UPDATE: An alert from US-CERT spells out the risks:

This vulnerability may allow a remote, unauthenticated attacker to execute arbitrary script in the context of another domain. This could allow an attacker to take a variety of actions, including stealing cookies, hijacking a web session, or stealing authentication credentials.

Secunia rates this a moderately critical issue.


Talkback

41 comments
  • Jello

    Wow, Ryan, that really tells me a lot. What does this vulnerability do? Change my hard drive into Jello?
    plainstreet@...
    • Did you read the article?

      It was pretty clearly stated what the vulnerability can result in. "Imagine an invisible script that silently follows you while you surf, even after changing the URL 1,000 times and you are feeling completely safe. Now imagine that the ghost is able to see everything you do, including what you are surfing and what you are typing (passwords included), and even guess your next move."

      So think of it like a keystroke logger, able to track websites you have visited, capture any usernames and passwords you key in, that kind of thing.
      jasonp@...
  • While the information is appreciated

    it would have been nice if the headline had included that little number 6. It makes a huge difference.
    Michael Kelly
    • I think the author knew it ...

      yet still decided to omit it for grabbing more page views obviously.
      LBiege
  • this flaw haunts only OLD Internet Explorer 6

    this flaw haunts only OLD Internet Explorer 6. This should be reported in the title, just add '6' to the end of title.
    qmlscycrajg
    • I agree

      While IE6 vulnerabilities are still relevant due to its market share (more than IE7), my guess is that the title only mentions IE since that might generate a few more hits. Isn't that something we've seen before (on ZDNet and elsewhere)?
      balaknair
      • IE6

        Sure. It could be for grabbing page views, possibly even for a good reason: How many non-computer-savvy casual browsers know which version of IE they are running? Of course, by the same token, I suppose some do not even know what IE is, it is just they are "on the internet".

        Could the reason even be marketing?

        Good gravy, will we ever know?
        seanferd
  • why aren't you all jumpin on Mozilla for Firefox 3?

    I had to go back to Firefox 2 due to random crashes when closing and then I went to Ebay. Firefox 3 blocks tabs like "BUY IT NOW" and people complain other features don't work since upgrading.

    Why don't you all report on Firefox 3 issues instead of digging up old crap on IE?
    Randalllind
    • He reports on exploitation issues

      not application crashes or annoyances. There are plenty of other people writing about those things.
      Michael Kelly
    • Feel better now?

      I use FF 3 and have none of the troubles you have. So what? This has to do with the story how? Now, your rantings aside about "old crap on IE", as of today, IE 6 still has a LARGER market share than IE 7.

      http://www.w3schools.com/browsers/browsers_stats.asp

      Kind of makes reporting this somewhat important.

      TripleII
      TripleII-21189418044173169409978279405827
      • It does doesn't it?

        After reading the story, I was wondering how relevant this could be since IE7 isn't affected. But as you pointed out, IE6 still has a larger market share than IE7, and that makes this a worthwhile story (though I do feel the title ought to have been a little more specific and mentioned IE6 instead of just IE). Thanks.

        BTW, the link you posted above wouldn't load, just thought I'd post this alternate (has the same data + some more)
        http://www.w3counter.com/globalstats.php
        balaknair
        • Thanks, edited my link. (NT)

          (NT)
          TripleII-21189418044173169409978279405827
    • Firefox and Me

      I have been Running Firefox 3.x Betas and NOW the FULL 3.0 Version for Quite some time now...

      It has ALWAYS Performed Above Average to Excellent...

      I am on Mac OS 10.5.3....

      SO.....

      My UNIX OS might have something to do with my AWESOME STABILITY...

      Currently have my Mac Running 15+ days WITHOUT an End Now or Crash or Glitch... Requiring a RESTART...

      My BEST Record for Running my System from Start-up until a Restart was Required...

      IS: 58 Days...

      Try that with a PC running XP or Vista...

      It will NEVER HAPPEN...

      Firefox is a Great Browser and I actually Prefer Firefox over Apple's Safari... Go Figure...

      How many Days of NO RESTARTS on you on???

      Gleefully Computing Firefox World...

      Aloha,

      Waikiki Dude
      michaelkiewicz@...
      • "How many Days of NO RESTARTS on you on???"

        None - I shut down my computer each day when I go to work. You see, I believe in green computing wherever I may be.

        Not home? Why burn the electricity plus heat up the house? Where I live, it really matters.
        Confused by religion
        • RUNNING BOINC - 24/7 - CRUNCHING DATA FOR HUMANITY!!!

          Aloha,

          I DO NOT Shut Down my system as I am Participating in a Science/Biology Research Project called:

          BOINC: Berkeley Open Infrastructure for Network Computing

          This Application RUNS 24/7/365...

          Crunching this Data is Helping to Find Cures to Protein, DNA, etc... Problems...

          I am PAYING for the ELECTRICITY MYSELF so that maybe someday We can have Cures for things like Cancer, HIV, Hepatitis, Malaria, Alzheimer's and MANY Other Worthy Projects for Helping HUMANITY...

          Hope U Understand...

          This is why I like NOT HAVING TO RESTART my System Due to an Inferior Operating System...

          Have A Great Day...

          Helping Humanity Cure Horrible Diseases

          Aloha,

          Michael in Waikiki, Honolulu, Oahu, Hawaii
          michaelkiewicz@...
          • I never have to restart

            Not for errors, at least. Errors of the OS are incredibly rare. Any error is pretty rare for me, but 99.99999% of them are either an app or my fault. Only when an update requires it is restart necessary. That happens on average once every month or two. But sometimes longer. In any case, these sporadic update-prompted restarts generally aren't even needed except as by the new update.

            That's the laptop. We turn the desktops off daily. Why waste the electricity if they aren't being used?

            I feel sorry for you. You seem to have really had to deal with some crap systems, and considering your completely off-base assumptions about other platforms, based on your over-the-top responses to generally benign posts, and it appears as though you have assumed (you really need to work on that 'assuming' thing you do all the time) others have the same problems. Sorry to tell you: we don't. Some do. Most don't. You probably ought to consider just accepting that, it isn't going to change anytime soon.


            I ask again: why in the hell do you capitalize like that? It makes it very confusing to read.
            laura.b
          • Smell your own?

            Take a breath. You are not that cool. I have been doing this since SETI, now the GRID project. All on Windows machine. Never had an OS crap on me that I could not trace back to hardware or application, but that is OK because there are so many more choices out there for Windows or Linux machines than for your toy fruit. And I lived in Hawaii for 3 years and it is not so great. I was glad to get off the little island.
            Kyser Soze
      • Whattttt!!!!!!!!!

        I run my PC's with XP and Vista for months on end without an incident. More garbage.
        Pooch666
        • Tell that to Bill Gates then ,,, <NT>

          <NT>
          Intellihence