Security 10817 Published by

Microsoft has updated their IE security patch for the Exposure and altering of data in cookies problem.



In addition to eliminating all previously discussed vulnerabilities affecting IE 5.5 Service Pack 2 and IE 6, the patch also eliminates three newly discovered ones:

The first two involve how IE handles cookies across domains. Although the underlying flaws are completely unrelated, the scope is exactly the same - in each case, a malicious user could potentially craft a URL that would allow them to gain unauthorized access to a user's cookies and potentially modify the values contained in them. Because some web sites store sensitive information in a user's cookies, this could allow personal information to be compromised. Both vulnerabilities could be exploited either by hosting specially crafted URL's on a web page or by sending them to the victim in an HTML email.

The third vulnerability is a new variant of a vulnerability discussed in Microsoft Security Bulletin MS01-051 affecting how IE handles URLs that include dotless IP addresses. If a web site were specified using a dotless IP format (e.g., http://031713501415 rather than http://207.46.131.13), and the request were malformed in a particular way, IE would not recognize that the site was an Internet site. Instead, it would treat the site as an intranet site, and open pages on the site in the Intranet Zone rather than the correct zone. This would allow the site to run with fewer security restrictions than appropriate. This vulnerability does not affect IE 6.
Read more