Microsoft KB Archive/322923

= MS02-023: Patch Available for Zone Spoofing Through Malformed Web Page Vulnerability =

Article ID: 322923

Article Last Modified on 2/1/2007

-

APPLIES TO


 * Microsoft Internet Explorer 5.5 Service Pack 1
 * Microsoft Internet Explorer 5.5 Service Pack 2
 * Microsoft Internet Explorer 5.01
 * Microsoft Internet Explorer 5.5 Service Pack 1
 * Microsoft Internet Explorer 5.5 Service Pack 2
 * Microsoft Internet Explorer 5.5 Service Pack 1
 * Microsoft Internet Explorer 5.5 Service Pack 2
 * Microsoft Internet Explorer 5.5 Service Pack 1
 * Microsoft Internet Explorer 5.5 Service Pack 2
 * Microsoft Internet Explorer 5.5
 * Microsoft Internet Explorer 5.5
 * Microsoft Internet Explorer 5.5 Service Pack 1
 * Microsoft Internet Explorer 5.5 Service Pack 2
 * Microsoft Internet Explorer 5.01
 * Microsoft Internet Explorer 5.01
 * Microsoft Internet Explorer 6.0
 * Microsoft Internet Explorer 6.0
 * Microsoft Internet Explorer 6.0
 * Microsoft Internet Explorer 6.0
 * Microsoft Internet Explorer 6.0
 * Microsoft Internet Explorer 6.0

-



This article was previously published under Q322923



SYMPTOMS
A privilege-elevation vulnerability exists in Internet Explorer that relates to the Internet Explorer security zones. Specifically, the vulnerability can permit a Web site to trick Internet Explorer into believing that a site is located on the user's intranet. In some very specific cases, a page might convince Internet Explorer that it is a page in the Trusted Sites zone. In both cases, successfully exploiting this vulnerability causes the page to be handled with fewer security restrictions than is appropriate.

To mount a successful attack by using this vulnerability, an attacker must convince a user to visit a Web site that is under the attacker's control. The attacker must cause the user to visit the Web site by using NetBIOS instead of HTTP, which most likely requires the attacker to cause the user to visit the site by first clicking a specially constructed hyperlink.

Because this vulnerability requires NetBIOS to be used, customers who block NetBIOS at the perimeter with their firewall are protected against this vulnerability. Also, an attempt to impersonate a trusted site requires specific knowledge of customizations that the user has made to the configuration. The vulnerability gives no means for an attacker to learn of those customizations.



CAUSE
This vulnerability occurs because of a flaw in the determination of the Internet Explorer security zones. Specifically, there is an error in relation to some particularly malformed Web pages when they are accessed by using NetBIOS instead of HTTP. Therefore, some pages might be determined to belong to the wrong Internet Explorer security zone.



Internet Explorer 6
To resolve this problem, obtain the latest service pack for Internet Explorer 6. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:

328548 How to Obtain the Latest Internet Explorer 6 Service Pack

The update for this problem is included in the &quot;May 15, 2002, Cumulative Patch for Internet Explorer.&quot; For additional information about how to obtain this patch, click the article number below to view the article in the Microsoft Knowledge Base:

321232 MS02-023: May 15, 2002, Cumulative Patch for Internet Explorer

Internet Explorer 5.5 Service Pack 2
The update for this problem is included in the &quot;May 15, 2002, Cumulative Patch for Internet Explorer.&quot; For additional information about how to obtain this patch, click the article number below to view the article in the Microsoft Knowledge Base:

321232 MS02-023: May 15, 2002, Cumulative Patch for Internet Explorer

Internet Explorer 5.5 Service Pack 1
The update for this problem is included in the &quot;May 15, 2002, Cumulative Patch for Internet Explorer.&quot; For additional information about how to obtain this patch, click the article number below to view the article in the Microsoft Knowledge Base:

321232 MS02-023: May 15, 2002, Cumulative Patch for Internet Explorer

Internet Explorer 5.01 Service Pack 2 (on Microsoft Windows 2000 and Microsoft Windows NT 4.0 only)
This update is only for customers running Internet Explorer 5.01 Service Pack 2 on Windows 2000 Service Pack 2 or Windows NT 4.0 Service Pack 6a. If you are running Internet Explorer 5.01 on any other version of Windows, upgrade to Internet Explorer 5.5 Service Pack 2 or later, and then apply this update.

The update for this problem is included in the &quot;May 15, 2002, Cumulative Patch for Internet Explorer.&quot; For additional information about how to obtain this patch, click the article number below to view the article in the Microsoft Knowledge Base:

321232 MS02-023: May 15, 2002, Cumulative Patch for Internet Explorer



Internet Explorer 6
Microsoft has confirmed that this problem may cause a degree of security vulnerability in Microsoft Internet Explorer 6. This problem was first corrected in Internet Explorer 6 Service Pack 1.

Internet Explorer 5.5
Microsoft has confirmed that this problem may cause a degree of security vulnerability in Microsoft Internet Explorer 5.5.

Internet Explorer 5.01
Microsoft has confirmed that this problem may cause a degree of security vulnerability in Microsoft Internet Explorer 5.01.



MORE INFORMATION
For more information about this vulnerability, visit the following Microsoft Web site:

http://www.microsoft.com/technet/security/bulletin/MS02-023.mspx

Additional query words: security_patch patch27

Keywords: kbbug kbfix kbie501presp3fix kbsecvulnerability kbie600presp1fix kbsecurity kbie600sp1fix kbie550presp3fix kbsecbulletin kbsechack KB322923

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.