Network Security VulnWatch

Re: [VulnWatch] FW: failure notice

Subject: Re: [VulnWatch] FW: failure notice
Date: Tue, 28 Mar 2006 21:38:52 -0500
Far as I know, HTML is not dangerous even in local zone with IE (not including
the 0 day exploit that's out now)
  ----- Original Message ----- 
  From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP] 
  To: Ken Pfeil 
  Cc: vulnwatch@vulnwatch.org 
  Sent: Tuesday, March 28, 2006 5:38 PM
  Subject: Re: [VulnWatch] FW: failure notice


  But I don't get it...

  It's still an untrusted web site...Sharepoint "is" a web site.

  And if you don't know whose site it is... it still falls into the 
  guidance of "it's not a trusted web site".

  Besides... antivirus vendors are so far protecting us..

  Ken Pfeil wrote:

  >Just in case anyone uses IE with Sharepoint.. Boom.
  >
  >----- Forwarded message from secure@microsoft.com -----
  >    Date: Tue, 28 Mar 2006 11:47:12 -0800
  >    From: Microsoft Security Response Center <secure@microsoft.com>
  >Reply-To: Microsoft Security Response Center <secure@microsoft.com>
  > Subject: RE: Another Attack Vector
  >      To: Ken@infosec101.org
  >
  >Hi Ken,
  >
  >Thanks for getting back to me. I will pass your comments on to the case
  >manager handling this behavior with the SharePoint team.
  >
  >Thanks,
  >Christopher, CISSP
  >
  >-----Original Message-----
  >From: Ken@infosec101.org [mailto:Ken@infosec101.org]
  >Sent: Tuesday 28 March 2006 11:42
  >To: Microsoft Security Response Center
  >Subject: RE: Another Attack Vector
  >
  >Thank you Christopher,
  >
  >But there are a bazillion different scenarios where this could be
  >slightly more than detrimental. There are literally hundreds of sites
  >using Sharepoint for blogs, and anonymous access is an option turned on
  >by default. For a real working example, please open the file
  >IE_Exploit.txt on the below site and watch filemon dance a jig..
  >
  >Best,
  >Ken
  >
  >
  >Quoting Microsoft Security Response Center <secure@microsoft.com>:
  >
  >>Hi Ken,
  >>
  >>Thanks for your note. This is by-design behavior with SharePoint and
  >>Internet Explorer and, as you mentioned, is related to IE MIME type
  >>detection. The mitigating circumstance in this scenario is that
  >>SharePoint sites are authenticated and it would be possible to "audit
  >>and punish" the attacker. Just the same, I'll pass this on to the case
  >>manager for this investigation.
  >>
  >>Thanks,
  >>Christopher, CISSP
  >>
  >>-----Original Message-----
  >>From: Ken@infosec101.org [mailto:Ken@infosec101.org]
  >>Sent: Tuesday 28 March 2006 09:16
  >>To: Microsoft Security Response Center
  >>Subject: Another Attack Vector
  >>
  >>There is yet another attack vector for createTextRange() (besides
  >>untrusted websites). Windows Sharepoint. If you create a txt file with
  >>html tags and post it, say in "Shared Documents", IE will render it as
  >>HTML in the browser when the document is clicked on instead of
  >>displaying as text. Example:
  >>https://foo.org/Shared%20Documents/test2.txt (code is
  >>simple html here, but could have been dangerous). You might want to
  >>update your advisory to include this.
  >>
  >>(And, I know you can de-select "Open Files Based on Content, not file
  >>extension" under IE, but that opens your host to *other*
  >>vulnerabilities.)
  >>
  >>Username for the system above for a sample doc is:
  >>testuser with password of password.
  >>
  >>Best,
  >>Ken
  >>
  >
  >----- End forwarded message -----
  >

  -- 
  Letting your vendors set your risk analysis these days?  
  http://www.threatcode.com
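
An added example, not part of the original thread: a defender-side audit that flags documents with a plain-text extension whose leading bytes contain HTML markup, the condition described above for test2.txt. The tag list, the 256-byte window, the extension list and the sample files are assumptions constructed for illustration; this is a heuristic, not Internet Explorer's own detection logic.

```python
import re

# Hypothetical heuristic: tag names treated as evidence of HTML content.
# This list is an assumption, not the browser's actual detection list.
HTML_TAG = re.compile(
    rb"<\s*(html|head|body|script|iframe|img|a|table|title|object|embed)\b[^>]*>",
    re.IGNORECASE,
)
SNIFF_WINDOW = 256  # assumed number of leading bytes to inspect
TEXT_EXTENSIONS = (".txt", ".log", ".csv")  # assumed "should be plain text" set


def looks_like_html(data: bytes, window: int = SNIFF_WINDOW) -> bool:
    """True if an HTML tag from the list appears in the first `window` bytes."""
    return HTML_TAG.search(data[:window]) is not None


def audit_uploads(files: dict) -> list:
    """Return names of text-extension documents whose content looks like HTML.

    `files` maps a document name to its raw bytes, e.g. an export of a
    document library such as "Shared Documents".
    """
    flagged = []
    for name, data in files.items():
        if name.lower().endswith(TEXT_EXTENSIONS) and looks_like_html(data):
            flagged.append(name)
    return sorted(flagged)


# Constructed sample library contents (not taken from any real site).
SAMPLE = {
    "notes.txt": b"Meeting moved to 3pm. Check that x < y before merging.\n",
    "test2.txt": b"<html><body><b>hello</b></body></html>\n",
    "report.TXT": b"Quarterly numbers\n<script>/* constructed */</script>\n",
    "page.html": b"<html><body>expected HTML</body></html>",
}

if __name__ == "__main__":
    for name in audit_uploads(SAMPLE):
        print("text extension but HTML content:", name)
```

Flagged documents are candidates for review or for serving as downloads rather than inline; a clean result only means none of the listed tags appeared in the inspected window.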