what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Microsoft Internet Explorer ShowSaveFileDialog() Sandbox Bypass

Microsoft Internet Explorer ShowSaveFileDialog() Sandbox Bypass
Posted Jul 16, 2014
Authored by VUPEN | Site vupen.com

VUPEN Vulnerability Research Team discovered a critical vulnerability in Microsoft Internet Explorer. The vulnerability is caused due to an invalid handling of a sequence of actions aimed to save a file when calling "ShowSaveFileDialog()", which could be exploited by a sandboxed process to write files to arbitrary locations on the system and bypass IE Protected Mode sandbox. Versions 8, 9, 10, and 11 are affected.

tags | advisory, arbitrary, bypass
advisories | CVE-2014-2777
SHA-256 | 700a7758a2ea45f7d7adc64c38c0a1f3ef968cb15f258ae383dc779133000aca

Microsoft Internet Explorer ShowSaveFileDialog() Sandbox Bypass

Change Mirror Download
VUPEN Security Research - Microsoft Internet Explorer
"ShowSaveFileDialog()" Protected Mode Sandbox Bypass (Pwn2Own 2014)

Website : http://www.vupen.com

Twitter : http://twitter.com/vupen


I. BACKGROUND
---------------------

"Microsoft Internet Explorer is a web browser developed by Microsoft and
included as part of the Microsoft Windows line of operating systems with
more than 60% of the worldwide usage share of web browsers." (Wikipedia)


II. DESCRIPTION
---------------------

VUPEN Vulnerability Research Team discovered a critical vulnerability
in Microsoft Internet Explorer.

The vulnerability is caused due to an invalid handling of a sequence
of actions aimed to save a file when calling "ShowSaveFileDialog()",
which could be exploited by a sandboxed process to write files to
arbitrary locations on the system and bypass IE Protected Mode sandbox.


III. AFFECTED PRODUCTS
---------------------------

Microsoft Internet Explorer 11
Microsoft Internet Explorer 10
Microsoft Internet Explorer 9
Microsoft Internet Explorer 8


IV. SOLUTION
----------------

Apply MS14-035 security update.


V. CREDIT
--------------

This vulnerability was discovered by VUPEN Security.


VI. ABOUT VUPEN Security
---------------------------

VUPEN is the leading provider of defensive and offensive cyber security
intelligence and advanced zero-day research. All VUPEN's vulnerability
intelligence results exclusively from its internal and in-house R&D
efforts conducted by its team of world-class researchers.

VUPEN Solutions: http://www.vupen.com/english/services/


VII. REFERENCES
----------------------

https://technet.microsoft.com/library/security/ms14-035
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-2777


VIII. DISCLOSURE TIMELINE
-----------------------------

2011-02-12 - Vulnerability Discovered by VUPEN Security
2014-03-14 - Vulnerability Reported to ZDI and Microsoft During Pwn2Own 2014
2014-06-10 - Vulnerability Fixed by Microsoft
2014-07-16 - Public disclosure
Login or Register to add favorites

File Archive:

February 2023

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Feb 1st
    11 Files
  • 2
    Feb 2nd
    9 Files
  • 3
    Feb 3rd
    5 Files
  • 4
    Feb 4th
    0 Files
  • 5
    Feb 5th
    0 Files
  • 6
    Feb 6th
    0 Files
  • 7
    Feb 7th
    0 Files
  • 8
    Feb 8th
    0 Files
  • 9
    Feb 9th
    0 Files
  • 10
    Feb 10th
    0 Files
  • 11
    Feb 11th
    0 Files
  • 12
    Feb 12th
    0 Files
  • 13
    Feb 13th
    0 Files
  • 14
    Feb 14th
    0 Files
  • 15
    Feb 15th
    0 Files
  • 16
    Feb 16th
    0 Files
  • 17
    Feb 17th
    0 Files
  • 18
    Feb 18th
    0 Files
  • 19
    Feb 19th
    0 Files
  • 20
    Feb 20th
    0 Files
  • 21
    Feb 21st
    0 Files
  • 22
    Feb 22nd
    0 Files
  • 23
    Feb 23rd
    0 Files
  • 24
    Feb 24th
    0 Files
  • 25
    Feb 25th
    0 Files
  • 26
    Feb 26th
    0 Files
  • 27
    Feb 27th
    0 Files
  • 28
    Feb 28th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close