GreyMagic Security Advisory GM#011-IE ===================================== By GreyMagic Software, Israel. 15 Oct 2002. Available in HTML format at http://security.greymagic.com/adv/gm011-ie/. Topic: Internet Explorer : The D-Day. Discovery date: 26 Sep 2002. Affected applications: ====================== Microsoft Internet Explorer 5.5 and 6.0; prior versions and IE6 SP1 are not vulnerable. Note that any other application that uses Internet Explorer's engine (WebBrowser control) is affected as well (Outlook under the Internet zone, MSN Explorer, etc.). Introduction: ============= The and Solution: ========= Until a patch becomes available either disable Active Scripting or upgrade to IE6 SP1. Tested on: ========== IE5.5 Win98. IE5.5 NT4. IE6 Win98. IE6 Win2000. IE6 WinXP. Demonstration: ============== We put together four proof-of-concept demonstrations: * Simple: Reads the client's "google.com" cookie. * D-Day Console: Automatically load and execute commands on any site. * D-Day Reading: Read local files by accessing a res:// URL. * D-Day Execution: Execute arbitrary programs by accessing a res:// URL. They can all be found at http://security.greymagic.com/adv/gm011-ie/. Feedback: ========= Please mail any questions or comments to security@greymagic.com. - Copyright © 2002 GreyMagic Software.