High risk : Internet Explorer file:// Request Zone Bypass Vulnerability

Internet Explorer file:// Request Zone Bypass Vulnerability
Risk
[COLOR=red]
Date Discovered
05-09-2003

Description

Internet Explorer is reported to be vulnerable to a zone bypass issue. Allegedly, if Internet Explorer attempts to open a web page containing numerous 'file://' requests each contained in a separate Iframe, the requested file will eventually be executed in the Local Computer zone.


Platforms Affected
Microsoft Windows 2000 Advanced Server
Microsoft Windows 2000 Advanced Server SP1
Microsoft Windows 2000 Advanced Server SP2
Microsoft Windows 2000 Datacenter Server
Microsoft Windows 2000 Datacenter Server SP1
Microsoft Windows 2000 Datacenter Server SP2
Microsoft Windows 2000 Professional
Microsoft Windows 2000 Professional SP1
Microsoft Windows 2000 Professional SP2
Microsoft Windows 2000 Server
Microsoft Windows 2000 Server SP1
Microsoft Windows 2000 Server SP2
Microsoft Windows 2000 Terminal Services
Microsoft Windows 2000 Terminal Services SP1
Microsoft Windows 2000 Terminal Services SP2
Microsoft Windows 95
Microsoft Windows 98
Microsoft Windows 98SE
Microsoft Windows ME
Microsoft Windows NT Enterprise Server 4.0
Microsoft Windows NT Enterprise Server 4.0 SP1
Microsoft Windows NT Enterprise Server 4.0 SP2
Microsoft Windows NT Enterprise Server 4.0 SP3
Microsoft Windows NT Enterprise Server 4.0 SP4
Microsoft Windows NT Enterprise Server 4.0 SP5
Microsoft Windows NT Enterprise Server 4.0 SP6
Microsoft Windows NT Enterprise Server 4.0 SP6a
Microsoft Windows NT Server 4.0
Microsoft Windows NT Server 4.0 SP1
Microsoft Windows NT Server 4.0 SP2
Microsoft Windows NT Server 4.0 SP3
Microsoft Windows NT Server 4.0 SP4
Microsoft Windows NT Server 4.0 SP5
Microsoft Windows NT Server 4.0 SP6
Microsoft Windows NT Server 4.0 SP6a
Microsoft Windows NT Terminal Server 4.0
Microsoft Windows NT Terminal Server 4.0 SP1
Microsoft Windows NT Terminal Server 4.0 SP2
Microsoft Windows NT Terminal Server 4.0 SP3
Microsoft Windows NT Terminal Server 4.0 SP4
Microsoft Windows NT Terminal Server 4.0 SP5
Microsoft Windows NT Terminal Server 4.0 SP6
Microsoft Windows NT Terminal Server 4.0 SP6a
Microsoft Windows NT Workstation 4.0
Microsoft Windows NT Workstation 4.0 SP1
Microsoft Windows NT Workstation 4.0 SP2
Microsoft Windows NT Workstation 4.0 SP3
Microsoft Windows NT Workstation 4.0 SP4
Microsoft Windows NT Workstation 4.0 SP5
Microsoft Windows NT Workstation 4.0 SP6
Microsoft Windows NT Workstation 4.0 SP6a

Components Affected
Microsoft Internet Explorer 5.5 SP2
Microsoft Internet Explorer 5.5 SP1
Microsoft Internet Explorer 5.5
Microsoft Internet Explorer 6.0 SP1
Microsoft Internet Explorer 6.0

Recommendations
Run all client software as a non-privileged user with minimal access rights.
Always run Internet Explorer as an unprivileged user. This will limit the consequences of successful exploitation of this and other latent vulnerabilities.

Do not follow links provided by unknown or untrusted sources.
Exploitation of this vulnerability can be accomplished by following a link to a malicious website or by viewing maliciously crafted HTML email. Caution should be exercised in accepting any communications from unknown or untrusted users.

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] .
Microsoft Internet Explorer 5.5 SP2:
Microsoft Internet Explorer 5.5 SP1:
Microsoft Internet Explorer 5.5:
Microsoft Internet Explorer 6.0 SP1:
Microsoft Internet Explorer 6.0:

References
Source: Flooding Internet Explorer 6.0.2800 (6.x?) security zones ![CRITICAL]
URL: msg://bugtraq/[email protected]

Source: Re: Flooding Internet Explorer 6.0.2800 (6.x?) security zones ! [CRITICAL]
URL: msg://bugtraq/[email protected]

Source: Technet Security
URL: http://www.microsoft...ity/default.asp

Credits
Discovery is credited to "Marek Bialoglowy" .