DOVES Vulnerability V-00107
DOVES Project
Computer Security Laboratory
Department of Computer Science
University of California at Davis
Brief summary: The active setup control in Internet Explorer allows immediate execution of trusted downloads, and allows them to be stored at locations specified by the downloader, rather than the installer.
Detailed description: Internet Explorer's Active Setup control treats Microsoft-signed downloads differently than other downloads. With all digitally-signed downloads except those from Microsoft, Explorer identifies the signer and asks if the user wants to continue. This is not done for Microsoft-signed downloads. Further, the user is asked where he or she would like to store the download, and the user may specify a file or directory.
Suppose a Windows NT system mounts its data from a central server to which the Internet Explorer has access (either because it runs on the server or, more likely, shares the same volumes). The IE user downloads some Microsoft-signed package and specifies that it is to be saved in a location that overwrites key files on the server. This denies other users access to the files overwritten.
Components: Internet Explorer 5.5 and earlier, even with service packs
Operating system(s): Windows NT 4.0, all versions; Windows 2000, all versionsThe Internet Explorer user can overwrite files on disk.
How to detect:
How to fix:
Other information:
PA Classification:
RISOS Classification:
Davis Classification:
Common Vulnerability Exposure: The Microsoft Active Setup ActiveX component in Internet Explorer 4.x and 5.x allows a remote attacker to install software components without prompting the user by stating that the software's manufacturer is Microsoft. [CAN-2000-0160]
Attacks: See Doves exploit #107
Advisories:
Who reported it: USSR Labs in Bugtraq on July 5, 2000: independentlydiscovered the problem and reported it to Microsoft; Aaron Drew in Bugtraq on July 18, 2000: independently discovered the problem
Department of Computer Science
University of California at Davis
One Shields Ave.
Davis, CA 95616-8562
Dove images © 1999-2000 www.barrysclipart.com