URL Handling Vulnerability in Windows XP and Windows Server,2003 with Windows Internet Explorer 7 Could Allow Remote Code Execution

Boy, that's a long subject line - but it's the title of Microsoft's KB 
article:
http://www.microsoft.com/technet/security/advisory/943521.mspx

--
Microsoft details (a bit) its changes to URL, more correctly URI, 
handling in IE 7 on WinXP and Windows 2003.

The problem is that IE 7 code "tries to fix up" malformed URIs, then 
passes the fixed-up URI to the ShellExecute procedure (on XP and Win2003).

http://blogs.technet.com/msrc/archive/2007/10/10/msrc-blog-additional-details-and-background-on-security-advisory-943521.aspx
OR
http://tinyurl.com/yoadp8

<excerpt>
With IE6 installed, ShellExecute() passes the URI to IE which accepts it
and inside IE determines it to be invalid.   Navigation then fails
harmlessly.
With Internet Explorer 7 installed, the flow is a bit
different. IE7 began to do more validation up front to reject malformed
URI's.  When this malformed URI with a % was rejected by IE7,
ShellExecute() tries to "fix up" the URI to be usable.  During this
process, the URI is not safely handled.
IE7 rejects the URI, and on
Windows Vista ShellExecute() gracefully rejects the URI.
That's not the
case on the older versions of Windows like Windows XP and Windows Server
2003 when IE7 is installed.
</excerpt>

This phraseology struck me as odd: "IE7 began to do more validation up
front to reject malformed URI's."
"Began to"?  It sounds like the design of IE 7 was not completed before
it was shipped.
What exactly does "IE7 began to" mean?

*********

This is the root cause behind the Adobe Acrobat family of mishandling of 
URIs in PDFs.

Adobe had not expected the introduction of IE 7 onto existing XP 
computers to change the handling of URIs.  [ "Nobody expects the Spanish 
Inquisition!" :-) ]

http://www.pcworld.com/article/id,137469-c,onlinesecurity/article.html
"a zero-day vulnerability in Adobe Inc.'s pervasive PDF files could be
exploited to snatch control of Windows XP systems."

--

Thus the problem exists for any application not written by Microsoft
that handles URIs where IE 7 is installed on XP or Win2003.

Isn't that special?
0
Al
10/12/2007 2:25:26 AM
grc.security 16608 articles. 3 followers. Follow

1 Replies
1073 Views

Similar Articles

[PageSpeed] 13

> http://www.microsoft.com/technet/security/advisory/943521.mspx
> 
> -- 
> Microsoft details (a bit) its changes to URL, more correctly URI, 
> handling in IE 7 on WinXP and Windows 2003.
> 
> The problem is that IE 7 code "tries to fix up" malformed URIs, then 
> passes the fixed-up URI to the ShellExecute procedure (on XP and Win2003).
> 
> http://blogs.technet.com/msrc/archive/2007/10/10/msrc-blog-additional-details-and-background-on-security-advisory-943521.aspx 
> 
> OR
> http://tinyurl.com/yoadp8
> 

 From the FAQ:
Is this a security vulnerability that requires Microsoft to issue a 
security update?
Microsoft is developing a security update for Windows that addresses 
this vulnerability.


The earlier comments from Microsoft on this issue was basically that 
vendors such as Adobe would need to patch their software to deal with 
this change in the way IE 7 functions on WinXP.

It's good news to hear that Microsoft will be addressing this with a 
security update.

0
Al
10/14/2007 9:49:36 PM
Reply:

Similar Artilces:

Your Internet Explorer home page is reset to "about:blank" and Windows AntiSpyware (Beta) unexpectedly quits in Windows 2000, Windows XP, or Windows Server 2003
followup to grc.security.software Your Internet Explorer home page is reset to "about:blank" and Windows AntiSpyware (Beta) unexpectedly quits in Windows 2000, Windows XP, or Windows Server 2003 http://support.microsoft.com/kb/894269/EN-US/ ----------------------------------------------------------- Quote ----------------------------------------------------------- Article ID : 894269 Last Review : February 25, 2005 Revision : 1.0 SYMPTOMS On a computer that is running Microsoft Windows 2000, Microsoft Windows XP, or Microsoft Windo...

VS .Net 2003 remote web project, windows xp & windows server 2003 setup
Hi everyone, I have a windows server 2003 setup as a server with IIS 6 & VS 2003 .Net I created an account programmatically for a user with frontpage extensions 2002. The accont works fine when using VS Studion .Net 2003 on the server machine however when I try to create a web project using a windows xp client machine with VS .Net 2003 it fails with a combination of "this user is not a member of the author group" (the user is setup as an administrator on the server and also has administrator front page author privilege) & the user has correct inheritable privileges on th...

Network Adapter Drivers for Windows* 2000, Windows* XP and Windows Server* 2003
http://downloadcenter.intel.com/scripts-df-external/Detail_Desc.aspx?agr=Y&ProductID=&DwnldID=4275&strOSs=OSFullName=&lang=eng or: http://preview.tinyurl.com/2ntk46 Installs base drivers, Intel� PROSet for Windows* Device Manager, and Advanced Networking Services (ANS) for Intel� network adapters for Windows* 2000, Windows* XP, and Windows Server* 2003. Download the self-extracting archive and run it. When you run it, it will extract the files to a temporary directory, run the installation wizard, and remove the temporary files when the installation is complet...

Threats and Countermeasures: Security Settings in Windows Server 2003 and Windows XP
The Threats and Countermeasures Guide contains detailed information about relevant security settings that can be configured on Microsoft Windows Server 2003 and Windows XP. This guide details the different threats, potential countermeasures, and the potential impact of configuring these settings. http://makeashorterlink.com/?W197220E5 -- Regard: Joh@nnes "If U know neither the enemy nor yourself,U will succumb in every battle" ...

The Microsoft Windows Malicious Software Removal Tool helps remove specific, prevalent malicious software from computers that are running Windows Server 2003, Windows XP, or Windows 2000
The Microsoft Windows Malicious Software Removal Tool helps remove specific, prevalent malicious software from computers that are running Windows Server 2003, Windows XP, or Windows 2000 http://support.microsoft.com/?id=890830 *********************************************************** Quote *********************************************************** Microsoft has released the Microsoft Windows Malicious Software Removal Tool to help remove specific, prevalent malicious software from computers that are running Microsoft Windows Server 2003, Microsoft Windows XP, or Microsoft W...

Microsoft Security Advisory (2286198) | Vulnerability in Windows Shell Could Allow Remote Code Execution
<http://www.microsoft.com/technet/security/advisory/2286198.mspx> There are NO instructions how to back-up your Registry prior to the = suggested Hack ! The are NO recommendations that Services tweaks require a restart of the = said PC to take effect. --=20 Randy <http://msmvps.com/blogs/siljaline/default.aspx> <http://www.linkedin.com/in/randyknobloch> Randy Knobloch wrote: > <http://www.microsoft.com/technet/security/advisory/2286198.mspx> > > There are NO instructions how to back-up your Registry prior to > the suggested Hack ...

Threats and Countermeasures: Security Settings in Windows Server 2003 and Windows XP #3
Note: This is apparently a 311-page pdf file. Unfortunately it requires a Microsoft Passport before it lets you download the file. Why? I don't know. Threats and Countermeasures: Security Settings in Windows Server 2003 and Windows XP http://www.microsoft.com/downloads/details.aspx?FamilyID=1b6acf93-147a-4481-9346-f93a4081eea8&displaylang=en ----------------------------------------------------------- Quote ----------------------------------------------------------- Registration Required for This Download You must register to receive this download. Please click the Conti...

Threats and Countermeasures: Security Settings in Windows Server 2003 and Windows XP #2
The Threats and Countermeasures Guide contains detailed information about relevant security settings that can be configured on Microsoft Windows Server 2003 and Windows XP. The Threats and Countermeasures Guide contains detailed information about relevant security settings that can be configured on Microsoft Windows Server 2003 and Windows XP. This guide details the different threats, potential countermeasures, and the potential impact of configuring these settings. http://makeashorterlink.com/?W197220E5 -- Regard: Joh@nnes � "If U know neither the enemy nor yourself,U wil...

Description of the System Update Readiness Tool for Windows Vista, for Windows Server 2008, for Windows 7, and for Windows Server 2008 R2
What is the System Update Readiness Tool? System resources, such as file data, registry data, and even in-memory data, can develop inconsistencies during the lifetime of the operating system. These inconsistencies might be caused by various hardware failures or might be caused by software issues. In some cases, these inconsistencies can affect the Windows servicing store, and they can cause software updates not to work. The System Update Readiness Tool tries to resolve these inconsistencies. http://support.microsoft.com/?kbid=947821 -- "If U know neither the enemy nor y...

Microsoft Security Advisory (2219475) | Vulnerability in Windows Help and Support Center Could Allow Remote Code Execution
<http://www.microsoft.com/technet/security/advisory/2219475.mspx> The workarounds, assuming they apply to you, are your option. Awaiting out-of-band patch from MS.=20 --=20 Randy <http://msmvps.com/blogs/siljaline/default.aspx> <http://www.linkedin.com/in/randyknobloch> ...

Microsoft Security Bulletin MS10-046 | Vulnerability in Windows Shell Could Allow Remote Code Execution (2286198)
Is available for those the out-of-band patch applies to:=20 (http://www.microsoft.com/technet/security/bulletin/ms10-046.mspx) --=20 Randy <http://msmvps.com/blogs/siljaline/default.aspx> <http://www.linkedin.com/in/randyknobloch> Thanks, So far I've installed it on XP SP3 and Windows 7. XP SP2 wouldn't take it even though Microsoft said it's supported on the hotfix download page. JJ "JuicyJ" <juicyj@nospam.com> wrote in message news:i374t8$118a$2@news.grc.com... > Thanks, So far I've installed it on XP SP3 and Windows 7....

Now Available: Internet Explorer 8 MUI packs for Windows XP, Windows Server 03
We are pleased to announce the availability of Internet Explorer 8 Multilingual User Interface (MUI) packs for Windows XP SP2, Windows XP SP3, and Windows Server 2003 SP2. The MUI packs can be downloaded from here : http://blogs.msdn.com/ie/archive/2009/05/14/now-available-internet-explorer-8-mui-packs-for-windows-xp-windows-server-03.aspx -- "If U know neither the enemy nor yourself,U will succumb in every battle" ...

Problem accessing sql server on windows server 2003 from windows xp or another domain
Hi, i am digamber i have created a .Net class library for data access, I have sql server 2000 installed in windows server 2003. but when i try to access the database from another domain where we are creating Presentation logic like we are accessing it from winXP, i  am getting a sql server does not exist or access denied error message, but it is running well when i connect from same Domain having sql server 2000 installed i.e windows 2003 server. I am not understanding the cause of problem, i have active directroy installed on the windows server 2003 but other domains are not part ...

How to apply the themes of Windows XP Windows Server 2003
Hi My friends, I have install Windows Server 2003, but I want to ask about how to apply the themes of Windows XP for this version of windows (Windows Server 2003) , because the themes now is standard so I want to change it to Windows XP themes And thanks with my regarding C# ( pronounced as C-sharp ) is a new Java like language from Microsoft. Microsoft says that C# is a language with the power of C++ and simplicity of Visual Basic. C# supposed to be the best language for Microsoft's .NET programming It's a SERVER!!!! wait. let me repeat myself... It's A FREAKIN SERVER!!!!! ...

Web resources about - URL Handling Vulnerability in Windows XP and Windows Server,2003 with Windows Internet Explorer 7 Could Allow Remote Code Execution - grc.security

Vulnerability (computing) - Wikipedia, the free encyclopedia
In computer security , a vulnerability is a weakness which allows an attacker to reduce a system's information assurance . Vulnerability is the ...

Facebook Fixing Vulnerability That Would Prohibit Users From Revoking App Permissions
Facebook is working to remedy a vulnerability discovered by application security provider MyPermissions , which blocks users of the social network ...

Search Twitter - xss vulnerability
... incog @ xssineverything X-Line @ XLine0fficiel View more people Top news story The Next Web @ TheNextWeb 3h TweetDeck users: An XSS vulnerability ...

Staged cyber attack reveals vulnerability in power grid - YouTube
http://frgdr.com/blog/ From CNN's Jeanne Meserve WASHINGTON (CNN) Researchers who launched an experimental cyber attack caused a generator to ...

Hackers exploit 'Flash' vulnerability in Yahoo ads
For seven days, hackers used Yahoo's ad network to send malicious bits of code to computers that visit Yahoo's collection of heavily trafficked ...

Wrong and right of Tony Abbott's policy vulnerability
As debate builds over the Coalition government, conservative voices weigh in with their concerns.

Researchers find vulnerability in EA's Origin platform - online safety, ReVuln, electronic arts, security ...
Users of Origin, the game distribution platform of Electronic Arts (EA), are vulnerable to remote code execution attacks through origin:// URLs, ...

No vulnerability about Sydney now
No vulnerability about Sydney now

Researcher misinterprets Oracle advisory, discloses unpatched database vulnerability
Instructions on how to exploit an unpatched Oracle Database Server vulnerability in order to intercept the information exchanged between clients ...

Cycling and vulnerability: an issue of inequality
As the car hit my bicycle from behind, a strange thought flashed through my mind.

Resources last updated: 11/25/2015 10:18:51 AM