In association with heise online

20 July 2006, 17:04

Web browsers: twenty new vulnerabilities in twenty days

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

July is the Month of Browser Bugs (MoBB), declared Metasploit developer H.D. Moore, and he has shown that he has the goods to prove it. Since the beginning of July, Moore has published one browser hack per day, a total of 20 in web browsers so far. Seventeen of them are in Internet Explorer, the other three in Firefox, Safari and Konqueror, respectively.

While almost all of the seventeen vulnerabilities revealed up to now in Microsoft's browser can only be used in denial-of-service attacks, one of the latest revelations can potentially allow the infiltration of malicious code. The hole is based on an integer overflow and not null pointer dereferences like most of the others, but its exploitability remains unproven. The demo by H.D. Moore only causes Internet Explorer to crash. France's FrSIRT is nevertheless categorizing the glitch as critical. The flaw is located in the Common Controls library comctl32.dll and is provoked through specific calls of the function setSlice() for depicting WebViewFolderIcons.

No patches have yet been released for the flaws sketched by Moore in his blog "Browser Fun - Browser bugs, tricks, and hacks.". When he first started releasing details of these various vulnerabilities, Moore claimed that he had warned Microsoft about the flaws back in March. No such claim has been made for the more recent revelations. The Metasploit developer has of late frequently presented himself as an advocate of a full disclosure policy, and as such, he was one of the first to develop a functional exploit of the WMF hole. Similarly, his exploit of the only recently closed RRAS vulnerability earned him little love from Microsoft.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit