From - Thu Oct 16 15:29:26 1997 Path: news.mitre.org!blanket.mitre.org!agate!howland.erols.net!newsfeed.nacamar.de!news-hh.maz.net!news-muc.maz.net!news.toplink.net!not-for-mail From: Ralf Hueskes Newsgroups: comp.security.misc Subject: Security Hole in Explorer 4.0 Date: Thu, 16 Oct 1997 20:28:34 +0200 Organization: Redaktionsbuero Ralf Hueskes Lines: 90 Message-ID: <34465CD2.A9EDADFB@iway.de> NNTP-Posting-Host: pc1.fr.iway.de Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="------------9EF480BB7FF66998B87BC7D6" X-Mailer: Mozilla 4.01 [en] (WinNT; I) X-Priority: 3 (Normal) This is a multi-part message in MIME format. --------------9EF480BB7FF66998B87BC7D6 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Hi! I think I found a dangerous security hole in Internet Explorer 4.0. In the following text you will find more information about that (sorry, it's from our marketing guys). What do you think about it? Ralf. --- Security Hole in Explorer 4.0 Freiburg - 10/16/97 - A dangerous security hole in Internet Explorer 4.0 was detected by Ralf Hueskes of Jabadoo Communications when he conducted a series of security tests for c't computer magazine. His tests revealed that it is possible to spy on the contents of any text and HTML files on somebody else's computer. Not only local files are in danger, but also data on your company's intranet - even if it is protected by a firewall. The security hole exists even if users have activated the highest security level in their browser. The problem affects both the German and the English version of the Internet Explorer. The code needed for infiltrating your files can be hidden in any normal Web page or in an e-mail message. Technical Details The spy pages make use of Microsoft's Dynamic HTML. If a user accesses a page or receives an e-mail containing this code, infiltration begins ... The spy page contains a so-called IFRAME sized 1 by 1 pixel. When a user accesses the page or opens the e-mail message, a small Jscript program loads the HTML or text file to be spied on into this frame. The contents of the frame can then be read using Dynamic HTML and sent as a parameter hidden in a URL to any Web server in the Internet. Demo Page: http://www.jabadoo.de/press/ie4demo.html Protective Measures According to Ralf Hueskes of Jabadoo Communications, the security hole exploits an error in the design of the Internet Explorer 4.0 that can be fixed only by the manufacturer. Experienced users can protect themselves by completely deactivating the execution of Active Scripting in the security settings (menu item: Tools/Options/Security, Settings/Custom (for expert users)/Active Scripting/Disable). More Information For more information (press only), please contact Ralf Hueskes of Jabadoo Communications (ralf.hueskes@jabadoo.de). Additional information can also be found in c't magazine, vol. 12/97 (to be published on 10/27/97). Miscellaneous Trademarks, program names, company names etc. mentioned on this Web page may be protected by trademark law and international agreements. Although all information has been verified, we cannot guarantee its correctness. --------------9EF480BB7FF66998B87BC7D6 Content-Type: text/x-vcard; charset=us-ascii; name="vcard.vcf" Content-Transfer-Encoding: 7bit Content-Description: Card for Ralf Hueskes Content-Disposition: attachment; filename="vcard.vcf" begin: vcard fn: Ralf Hueskes n: Hueskes;Ralf org: Editorial Office adr: Kartäuserstr. 118 b;;;Freiburg i. Br.;;79104;Germany email;internet: hk@iway.de tel;work: +49 761 29 611 - 0 tel;fax: +49 761 29 611 - 99 x-mozilla-cpt: ;0 x-mozilla-html: TRUE end: vcard --------------9EF480BB7FF66998B87BC7D6--