| Subject: | [Full-disclosure] Advisory : Internet Explorer Zone Domain Specification Dos and Page suppressing. |
|---|---|
| Date: | Sun, 01 Jul 2007 09:53:42 -0700 |
Advisory : Internet Explorer Zone Domain Specification DoS and Page Suppressing
Severity : Intermediate
Version : IE 6.0 - 7.0
Dated : 18 June 2007

Explanation:

The vulnerability is in the handling of domain names with different parameters [subdomains] when they are specified in the Intranet zone and the Restricted zone with different characters [* ,.]. Internet Explorer shows weird behavior when opening those websites. The problem occurs while loading those websites, thereby resulting in a DoS through the browser. The problem occurs when the explorer resolves domain names in different zones. It can be launched remotely by a malicious attacker by exploiting this vulnerable behavior through a rogue script and registry functions. The problem persists if rogue or manipulated entries are placed into various zones. So when a new instance of IE is loaded, the registry entries are triggered, thereby resulting in security impacts. The website page gets suppressed. The page hangs for some time, thereby delaying the loading of the website and affecting the CPU load.

Vendor Status : Reported to Microsoft Security Center.

Solution By Microsoft Security Center:

1. Avoid visiting untrusted websites.
2. Script restriction should be applied.

-----
Aditya K Sood
http://www.secniche.org

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
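One way to look for the rogue or manipulated zone entries described above is to audit an export of the zone map. This is an added example, not part of the original advisory: it assumes the entries are stored under the `ZoneMap\Domains` registry key (a path the advisory does not name), and `audit_zone_map`, its flagging rules and the sample export are constructed for illustration.

```python
import re

# Constructed `reg export`-style sample (not from the advisory); the key path is an assumption.
BASE = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains"
SAMPLE_EXPORT = "\n".join([
    "Windows Registry Editor Version 5.00", "",
    "[" + BASE + r"\example.com]", '"https"=dword:00000002', "",
    "[" + BASE + r"\example.net\intranet]", '"*"=dword:00000001', "",
    "[" + BASE + r"\*,.example.org]", '"http"=dword:00000004', "",
])
ZONES = {0: "My Computer", 1: "Local Intranet", 2: "Trusted Sites", 3: "Internet", 4: "Restricted Sites"}
REVIEW_ZONES = {1, 4}  # the two zones the advisory names
MARKER = "\\ZoneMap\\Domains\\"
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]*)"=dword:([0-9a-fA-F]{8})$')
LABEL_RE = re.compile(r"^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*$")  # plain dotted host name

def audit_zone_map(export_text):
    """Return zone-map entries that deserve a manual look (hypothetical helper)."""
    findings, host = [], None
    for line in export_text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            path = key.group(1)
            host = None
            if MARKER in path:
                # Keys are stored as Domains\<domain>\<subdomain>; rebuild the host name.
                parts = path.split(MARKER, 1)[1].split("\\")
                host = ".".join(reversed(parts))
            continue
        value = VALUE_RE.match(line)
        if not (value and host):
            continue
        zone = int(value.group(2), 16)  # DWORD data is the zone number
        reasons = []
        if not LABEL_RE.match(host):
            reasons.append("unexpected characters in domain key")
        if zone in REVIEW_ZONES:
            reasons.append("mapped to " + ZONES[zone])
        if reasons:
            findings.append({"host": host, "protocol": value.group(1), "zone": zone, "reasons": reasons})
    return findings

if __name__ == "__main__":
    for f in audit_zone_map(SAMPLE_EXPORT):
        print(f["host"], f["protocol"], f["zone"], "; ".join(f["reasons"]))
```

Real `reg export` files are UTF-16 encoded, so decode the file before passing its text to the function; an Intranet or Restricted mapping is flagged for review only and may be a legitimate administrator setting.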