WatchGuard Wire
Windows Explorer on Windows 2000 allows HTML exploits
According to an advisory posted to Bugtraq yesterday, GreyMagic Software discovered a new vulnerability affecting Windows Explorer on Windows 2000 machines. Windows Explorer (not to be confused with Internet Explorer) ships with a preview pane that lets you preview certain types of files when you select them in Explorer. Windows 2000 enables this preview pane by default and implements it as an HTML view. That means some HTML-related security flaws can be exploited through the preview pane.
GreyMagic's advisory warns that Windows Explorer for Windows 2000 suffers from an HTML injection vulnerability. By enticing you to select a specially crafted file in Explorer, an attacker can exploit this vulnerability to run arbitrary HTML script on your computer with your privileges. Such a script could read, write and delete files, or even execute code that allows the attacker to gain control of your machine.
Unfortunately, GreyMagic decided to post their advisory before giving Microsoft time to release a patch. In fact, the advisory even provides links to sample exploit code, which helps script kiddies craft their own malicious attacks. GreyMagic does at least provide a workaround: you can disable the preview pane (also called Web view) in Windows Explorer by selecting Tools => Folder Options => Use Windows classic folders.
I don't think this flaw presents a serious risk, however. In order to exploit it, the attacker would have to somehow get his malicious file onto your computer and then get you to select that file in Explorer. Nonetheless, I expect Microsoft will release a patch to fix this flaw on an upcoming Microsoft patch day. We'll inform you when they do. -- Corey Nachreiner
Copyright © 2010 WatchGuard® Technologies, Inc. You may copy and distribute this article freely in any medium as long as you copy and distribute the entire article without change and preserve this copyright statement and notice.