Wednesday, December 03, 2003

'Critical' IE Security Warning Released:
"A Chinese security researcher has warned of five serious vulnerabilities in Microsoft's Internet Explorer browser, warning that a successful exploit could lead to system takeover.

Liu Die Yu released details of the flaws on the Bugtraq mailing list and issued a warning that the vulnerabilities could lead to system access, exposure of sensitive information, cross site scripting and security bypass.

Yu also released proof-of-concept exploits on the popular mailing list, noting that the flaws affect Internet Explorer versions 5.0, 5.5 and 6.0."

Independent security consultant Secunia has rated the flaws 'Extremely Critical' and urged IE users to disable Active Scripting as a workaround until Microsoft issues a fix.

The flaws related to a redirection feature in the browser using the "mhtml:" URI handler. The researcher warned that it could be exploited to bypass a security check in Internet Explorer which normally blocks web pages in the "Internet" zone from parsing local files.

Yu said the redirection feature could also be exploited to download and execute a malicious file on a user's system. Successful exploitation requires that script code can be executed in the "MyComputer" zone, he explained.

The security alert also included a cross-site scripting vulnerability that could allow a malicious attacker to execute script code in the security zone associated with another Web page if it contains a subframe.

A variant of a previously fixed flaw can still be exploited to hijack a user's clicks and perform certain actions without the user's knowledge, the researcher explained.

Microsoft late Wednesday confirmed it was investigating Liu's warnings. "We have not been made aware of any active exploits of the reported vulnerabilities or customer impact at this time, but we are aggressively investigating the public reports," said Stephen Toulouse, Security Program Manager, Microsoft Security Response Center.

Toulouse told internetnews.com Microsoft would take the "appropriate action to protect our customers" and hinted that a fix could come via an out-of-cycle patch, depending on the seriousness of its findings.

He said Microsoft was concerned that Liu's warnings were not disclosed responsibly, potentially putting computer users at risk. "We continue to encourage responsible disclosure of vulnerabilities. We believe the commonly accepted practice of reporting vulnerabilities directly to a vendor serves everyone's best interests, by helping to ensure that customers receive comprehensive, high-quality patches for security vulnerabilities with no exposure to malicious attackers while the patch is being developed," Toulouse declared.

In the interim, Toulouse is recommending that IE users install the cumulative patch issued earlier this month (MS03-048).…

http://www.internetnews.com/dev-news/print.php/3114171