BugTraq
RE: DANGER ZONE: Internet Explorer Dec 29 2003 07:05PM
tlarholm pivx com (1 replies)
What this all boils down to is that when you add a site to the Trusted
Zone you are giving it additional privileges - this is by design and not
a vulnerability. You can read more about IE Security Settings at

http://www.microsoft.com/windows/ie/using/howto/security/settings.asp

from which we can also read about the Trusted Zone that you should:

"Add a site to this zone only if you trust that it would never cause
harm to your computer."

Giving any site additional executional privileges means that you are
extending your level of trust. You are trusting that the site in
question does not get compromised and have its content replaced with
malicious code, and you are trusting that the site does not have any XSS
errors that would allow harmful code injection into the HTML stream.

There are no sites in the Trusted Zone on a default installation so the
impact is significantly lowered. However, Windows Update is hardcoded to
have additional privileges so if you want to try and practically abuse
the level of trust you would have better luck in trying to find XSS
errors on the Windows Update site or find ways to beat the URL parsing
algorithm that detects whether IE is on the Windows Update site or not.

Regards

Thor Larholm
Senior Security Researcher
PivX Solutions
24 Corporate Plaza #180
Newport Beach, CA 92660
http://www.pivx.com
thor (at) pivx (dot) com
949-231-8496

PivX defines "Proactive Threat Mitigation". Get a FREE Beta Version of
Qwik-Fix
<http://www.qwik-fix.net>

-----Original Message-----
From: http-equiv (at) excite (dot) com [mailto:1 (at) malware (dot) com]
Sent: Friday, December 26, 2003 9:02 AM
To: bugtraq (at) securityfocus (dot) com
Cc: NTBugtraq (at) listserv.ntbugtraq (dot) com
Subject: DANGER ZONE: Internet Explorer

<snip http://www.securityfocus.com/archive/1/348363/2003-12-26/2004-01-01/0>

<snip http://tinyurl.com/3eldd>

RE: DANGER ZONE: Internet Explorer Dec 29 2003 07:38PM
http-equiv (at) excite (dot) com (1 malware com)


 
