3 NEW Vulnerabilities in Microsoft Internet Explorer 6.0, 5.5, and 5.01

posted on October 12, 2001
by hitbsecnews

Multiple vulnerabilities exist in Microsoft Internet Explorer (IE). The first vulnerability results from IE's improper handling of dotless IP addresses. For example, if an attacker enters an address of http://3473223093 instead of http://207.5.45.181 and formats the request in a particular way, IE uses the intranet zone to open the site rather than the correct Internet zone. This vulnerability doesn't affect IE 6.0.

The second vulnerability involves how IE handles URLs that specify third-party sites. By encoding a URL in a particular way, an attacker can include HTTP requests that IE sends to the site after establishing a connection, and the requests will look as though a qualified user sent them. If exploited against a Web-based service (such as a Web-based mail service), the attacker can take action on the user's behalf, including sending a request to delete data.

The third vulnerability is a new variant of a vulnerability that Microsoft originally reported in Security Bulletin MS01-015. This vulnerability affects how an attacker can use IE to invoke Telnet sessions. By design, users can use IE to launch Telnet sessions, but doing so starts Telnet using any command-line options the Web site specifies...

Multiple Vulnerabilities in Microsoft Internet Explorer

Reported October 10, 2001, by Microsoft.

VERSIONS AFFECTED Microsoft Internet Explorer 6.0, 5.5, and 5.01

DESCRIPTION

The third vulnerability, continued: this functionality becomes a concern only when using the Telnet client version that installs as part of Services for UNIX (SFU) 2.0 on Windows 2000 and Windows NT 4.0 machines. This version of the Telnet client provides an option for creating a verbatim transcript of a Telnet session. An attacker can use the logging option to start a Telnet session and stream an executable file onto the user's system in a location that automatically executes the file the next time the user boots the machine. The vulnerability doesn't lie in the Telnet client, but in IE, which shouldn't let an attacker start Telnet remotely with command-line arguments.

VENDOR RESPONSE

The vendor, Microsoft, has released Security Bulletin MS01-051 to address this vulnerability and recommends that affected users apply the patch provided. Microsoft will provide an NT 4.0 Terminal Services patch in the same security bulletin when it becomes available.

CREDIT
Discovered by Michiel Kikkert (dotless IP vulnerability) and Joao Gouviea (HTTP request encoding vulnerability).
