|
|
RE: Microsoft Baseline Security Analyzer exploit (Exposed vulnerabilities' : msg#00377security.bugtraq
The vulnerabilities' list is accessible even by unprivileged user account. The ability of active content to access this report depends on security setting of the browser. For example, signed ActiveX that runs in browser with low security setting, doesn't need user's approval. User can also choose not be asked whether to launch ActiveX that is signed by a specific signer. In such case, there's no need for low security setting of the browser. The ActiveX doesn't have to be safe for scripting. The ActiveX can do anything without being scripted at all. You can access this report even without active content. All you need is a limited exploit that just allows you to read a file. Deus Attonbitus wrote: DA>but the script would also have to be able to discern the currently logged DA>on user in order to see where to look in the "Documents and Settings" tree. 1. Discern the currently logged on user - It's a simple Win32 API. 2. Code can simply look for "Security Scans" folder in tree. Regards, Menashe. -----Original Message----- From: 3APA3A [mailto:3APA3A@xxxxxxxxxxxxxxxx] Sent: Thursday, April 25, 2002 10:52 AM To: Menashe Eliezer Cc: Bugtraq; vuln-dev Subject: Re: Microsoft Baseline Security Analyzer exploit (Exposed vulnerabilities' list) Dear Menashe Eliezer, Sorry for asking, but it's unclear from advisory: is it possible to access reports with either: 1. ActiveX element marked safe for scripting 2. Javascript or VBscript from "Internet" security zone Examples you give for scripting will only run in local host content, so this problem seems to be local only (default permissions for sensitive files) with minimal impact, because analysis of security policy, registry and file permissions can (mostly) be done by local user with unprivileged account. In this case risk is low. --Thursday, April 25, 2002, 5:06:32 AM, you wrote to bugtraq@xxxxxxxxxxxxxxxxx: ME> Microsoft Baseline Security Analyzer exploit (Exposed vulnerabilities' list) ME> Finjan Software Security Advisory ME> URL: http://www.finjan.com/mcrc/alert_show.cfm?attack_release_id=71 ME> April 24, 2002 ME> Risk: Medium ME> ------------- -- ~/ZARAZA ×åëîâåê ýòî òàéíà... ÿ çàíèìàþñü ýòîé òàéíîé ÷òîáû áûòü ÷åëîâåêîì. (Äîñòîåâñêèé) |
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| Previous by Date: | Fragroute and ISS (NetworkICE) products: a brief analysis: 00377, Chris Deibler |
|---|---|
| Next by Date: | Re: Microsoft Baseline Security Analyzer exploit (Exposed vulnerabilities' list): 00377, Deus, Attonbitus |
| Previous by Thread: | Re: Microsoft Baseline Security Analyzer exploit (Exposed vulnerabilities' list)i: 00377, 3APA3A |
| Next by Thread: | [Global InterSec 2002041701] Sudo Password Prompt Vulnerability.: 00377, Global InterSec Research |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
| News | FAQ | advertise |