Categories: US-Cert-RepositoryUS-Cert-RepositoryUS-Cert-RepositoryUS-Cert-RepositoryUS-Cert-RepositoryUS-Cert-RepositoryUS-Cert-RepositoryUS-Cert-RepositoryUS-Cert-Repository

Cross-Domain Vulnerability in Internet Explorer


Systems Affected

  • Microsoft Windows systems

Overview

Microsoft Internet Explorer (IE) contains a flaw that could allow attackers to run programs of their choice on your computer.

Description

Microsoft IE uses a cross-domain security model to separate content from different sources. A flaw in the model makes IE vulnerable to a cross-domain violation. Attackers could exploit this flaw to execute programs on your computer.

Resolution

Apply a patch

Micrososft has released a patch to resolve this issue. It is available from Microsoft Windows Update or Microsoft Security Bulletin MS04-025.

Disable Active scripting and ActiveX controls

Instructions for disabling Active scripting and ActiveX controls in the Internet Zone can be found in the Malicious Web Scripts FAQ.

Do not follow unsolicited links

Do not click on unsolicited URLs received in email, instant messages, web forums, or internet relay chat (IRC) channels.

Run and maintain an antivirus product

It is important that you use antivirus software and keep it up to date. Most antivirus software vendors frequently release updated information, tools, or virus databases to help detect and recover from virus infections. Many antivirus packages support automatic updates of virus definitions. US-CERT recommends using these automatic updates when possible.

References

  • US-CERT Technical Alert TA04-163A – <http://www.us-cert.gov/cas/techalerts/TA04-163A.html>
  • Vulnerability Note VU#713878 – <http://www.kb.cert.org/vuls/id/713878>
  • Microsoft Windows Update – <http://windowsupdate.microsoft.com/>
  • Microsoft Security Bulletin MS04-025 – <http://www.microsoft.com/technet/security/bulletin/MS04-025.mspx>
  • Malicious Web Scripts FAQ – <http://www.cert.org/tech_tips/malicious_code_FAQ.html>
  • Protect Your PC – <http://www.microsoft.com/security/protect/default.asp>
  • Increase Your Browsing and E-Mail Safety – <http://www.microsoft.com/security/incident/settings.mspx>

Author: Michael Durkota

Copyright 2004 Carnegie Mellon University. Terms of use

Revision History

  • June 11, 2004: Initial release
    July 30, 2004: Added patch information and links to MS04-025

Last updated 



Source link

admin

Leave a Comment
Share
Published by
admin
57 seconds ago

Recent Posts

Cross-Domain Redirect Vulnerability in Internet Explorer

Systems Affected   Microsoft Windows systems   Overview   A cross-domain vulnerability in Internet Explorer…

1 day ago

Multiple Vulnerabilities in ISC DHCP 3

Systems Affected ISC DHCP versions 3.0.1rc12 and 3.0.1rc13 Overview Two vulnerabilities in the ISC DHCP…

2 days ago

Internet Explorer Update to Disable ADODB.Stream ActiveX Control

Systems Affected   Microsoft Windows systems   Overview   Microsoft has released a security update…

3 days ago

Important Internet Explorer Update Available

Systems Affected   Systems running Internet Explorer and Microsoft Windows   Overview   Microsoft has…

4 days ago

Multiple Vulnerabilities in Microsoft Windows Components and Outlook Express

Systems Affected   Microsoft Windows Systems   Overview   Microsoft has released a Security Bulletin…

5 days ago

Multiple Vulnerabilities in Microsoft Windows Components and Outlook Express

Systems Affected   Microsoft Windows Systems   Overview   Microsoft has released a Security Bulletin…

6 days ago

This website uses cookies.