Microsoft Security Advisory for MHTML via Internet Explorer (MS2501696/CVE-2011-0096)
www.microsoft.com/technet/security/advisory/2501696.mspx
Information on this vulnerability first started surfacing on Full-Disclosure on 1/15/2011. The vulnerability exists in all supported versions of MS Windows except for 2008 with server core. Other installed applications (Adobe Reader, etc.) may be leveraged locally via Internet Explorer (including Outlook, etc.)
There appears to be a myriad of ways it can be leveraged and a lot of thought and creativity is being poured into that. So now would be a good time to: test and consider the registry workaround (see advisory); to review group policies for zone settings for Internet Explorer; and to review detection options for email gateways and proxies/NIDS/etc.
From the advisory:
"The vulnerability exists due to the way MHTML interprets MIME-formatted requests for content blocks within a document. It is possible under certain conditions for this vulnerability to allow an attacker to inject a client-side script in the response of a Web request run in the context of the victim's Internet Explorer. The script could spoof content, disclose information, or take any action that the user could take on the affected Web site on behalf of the targeted user."
A release date for a fix has not been posted yet.
Relevant/Interesting Links:
Enhanced Security Configuration
http://technet.microsoft.com/en-us/library/dd883248(WS.10).aspx
MHTML Info
http://msdn.microsoft.com/en-us/library/aa767916(v=vs.85).aspx
Server Core
http://technet.microsoft.com/en-us/library/ee441255(WS.10).aspx
CVE-2011-0096
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0096
Advisory
http://www.microsoft.com/technet/security/advisory/2501696.mspx
If you come across any attacks targeting this vulnerability, please upload any details you have (pcap, samples, urls, etc) via our contact form and we'll review them, share with the community (if you permit us), and post updates to the diary.
Thanks,
Robert Danford
ISC DHCP DHCPv6 Vulnerability
The Internet Systems Consortium, the makers of the open source DHCP server, indicated the DHCPv6 service may crash after processing a DHCPv6 decline message. This vulnerability has been assigned CVE-2011-0413, affects versions 4.0.x-4.2.x and may be remotely exploitable.
Note: This DoS only affects DHCPv6 servers and there is currently no workaround.
[1] https://lists.isc.org/pipermail/isc-os-security/2011-January/000000.html
[2] http://www.kb.cert.org/vuls/id/686084
-----------
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot org
Opera Updates
We've had a few reports (thank you all) that Opera has been updated to 11.01 and fixes several security issues.
Full details are available here
Christopher Carboni - Handler On Duty