SecNiche : Microsoft Internet Explorer Pop up Blocker Bypassing and Dos Vulnerability

To: full-disclosure@xxxxxxxxxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx, websecurity@xxxxxxxxxxxxx, "Steven M. Christey" <coley@xxxxxxxxx>
Subject: SecNiche : Microsoft Internet Explorer Pop up Blocker Bypassing and Dos Vulnerability
From: Aditya K Sood <zeroknock@xxxxxxxxxxxx>
Date: Thu, 16 Aug 2007 20:36:58 -0700
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
User-agent: Thunderbird 1.5.0.12 (Windows/20070509)

Advisory : Microsoft Internet Explorer Pop up Blocker Bypassing and DosVulnerability


Dated : 15 August 2007

Severity : Critical

Explanation :

The vulnerability persists in the popup blocker functioning to allowspecific websites to executepopup in the running instance of Internet Explorer. An attacker caneasily exploits it by enablinga browser to run a malicious script in the context of Internet Explorer.The script manipulates theregistry entries for specific websites through Javascript. It adds fakeor malicious websites as anallowed websites in the pop up blocker. The cause user visiting auntrusted website or any othe

malicious cause.

Detail Advisory :
http://www.secniche.org/advisory/Internet_Pop_Phish_Dos_Adv.pdf
http://www.secniche.org/adv.html


Proof of Concept : Level 1 Infection Test
http://www.secniche.org/misc/ie_pop_by_level1_test.zip

Test run fine locally as well with Web server [IIS] automated serverobject calling. Infection

through Active X Object.

Regards
AKS aka 0kn0ck
http://www.secniche.org

Follow-Ups:
- RE: [Full-disclosure] SecNiche : Microsoft Internet Explorer Pop up Blocker Bypassing and Dos Vulnerability
  - From: Debasis Mohanty

Prev by Date: Re: Remote Denial of Service for SSH service at Dell DRAC4 (maybeMocana SSH)
Next by Date: HPSBMA02240 SSRT061260 rev.1 - HP OpenView Operations Manager for Windows (OVOW) with the OpenView Operations Add On Module for OpenView Operations-Business Availability Center Integration Running Shared Trace Service, Remote Arbitrary Code Execution
Previous by thread: Re: [Full-disclosure] McAfee Virus Scan for Linux and Unix v5.10.0 Local Buffer Overflow
Next by thread: RE: [Full-disclosure] SecNiche : Microsoft Internet Explorer Pop up Blocker Bypassing and Dos Vulnerability
Index(es):
- Date
- Thread