12.02.2002, 21:03   #2
boo
Master

Registered since: 17.08.2001
Posts: 578

... Part 2 ...

File Download Dialogue Spoofing via Content-Type and
Content-Disposition fields:

- Exploiting this vulnerability would not give an attacker the
ability to force code to run on a user's system. It would only
enable the attacker to misrepresent the file name and type in the
File Download dialogue. The download operation would not occur
without the user's approval, and the user could cancel at any
time.

- The vulnerability could not be exploited if File Downloads have
been disabled in the Security Zone in which the e-mail is
rendered. This is not a default setting in any zone, however.

- On versions of IE prior to 6.0, the default selection in the file
download dialogue is to save, rather than open, the file. (In
IE 6.0, the default is to open the file; however, this behavior
is inappropriate, and the patch changes IE 6.0 to conform with the
behavior of previous versions).

Application invocation via Content-Type field:

- An attacker could only exploit this vulnerability if the
application specified through the Content-Type field was actually
installed on the user's system.

- The vulnerability does not provide any way for the attacker to
inventory the applications installed on the user's system and
select one, nor does it provide any way to force the user to
install a particular application.

- The vulnerability would not provide any way to circumvent the
security features of the application or to reconfigure it.

- Outlook 2002 users who have configured Outlook to render HTML mail
as plaintext would be at no risk from attack through HTML mail.

Script execution:

- This vulnerability extends only to allowing scripts to run - it
does not allow any other security restrictions to be bypassed.
So, for instance, although an attacker could use this
vulnerability to run a script, the script would still be subject
to all other expected security settings.

Frame Domain Verification Variant via Document.Open function:

- The vulnerability could only be used to view files. It could
not be used to create, delete, modify or execute them.

- The vulnerability would only allow an attacker to read files that
can be opened in a browser window, such as image files, HTML files
and text files. Other file types, such as binary files, executable
files, Word documents, and so forth, could not be read.

- The attacker would need to specify the exact name and location of
the file in order to read it.
____________________________________
Regards, boo

~ GNU/Linux - there is no substitute! ~