Date Discovered: April 26, 2006
Date Published: May 3, 2006
Last Updated: May 3, 2006
Threat Assessment
Overall Risk: Medium
Impact: Medium
Popularity: High
Simplicity: Very Low
Vulnerability Description
Vulnerability ID: 34090
Discovered By: Matthew Murphy
Exploitable Locally: No
Exploitable Remotely: Yes
Impact: Remote attackers can execute arbitrary code.
Root Cause: Software Vulnerability
Microsoft Internet Explorer contains a vulnerability that can allow an attacker to execute arbitrary code. The vulnerability is due to a timing issue in the way modal dialog boxes are handled. Attackers can exploit the vulnerability to trick a user into permitting the execution of malicious code.
Recommendations
For: Microsoft Internet Explorer 5.5 SP2 x86 32, Microsoft Internet Explorer 6 SP1 x86 32, Microsoft Internet Explorer 6 XP SP2 x86 32, Microsoft Internet Explorer 6.0 for Windows Server 2003 x86 32, Microsoft Internet Explorer 6.0 SP1 for Windows Server 2003 x86 32
If the vendor-supplied patch is not available or installation is not feasible, the following steps can be used to limit exposure.
1. Implement a firewall
2. Install anti-virus and spyware detection software and ensure definitions are kept current
3. Check for software updates on a regular basis; if updates are available, apply them as soon as possible
4. Use vigilance when opening HTML-formatted emails, following links embedded in emails or links from an unknown source
5. Use a non-administrative account for general tasks
6. Do not open files from untrusted or unconfirmed sources
Affected Technologies
Microsoft: Microsoft Internet Explorer 5.5 SP2 x86 32
Microsoft: Microsoft Internet Explorer 6 SP1 x86 32
Microsoft: Microsoft Internet Explorer 6 XP SP2 x86 32
Microsoft: Microsoft Internet Explorer 6.0 for Windows Server 2003 x86 32
Microsoft: Microsoft Internet Explorer 6.0 SP1 for Windows Server 2003 x86 32
References
Mitre CVE: CVE-2006-2094
More information on CA Vulnerability Information Center:
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=34090
Computer Associates – the Trusted Source of Security Knowledge