IE hole can be used to open a ‘back door’

An attacker could trick a user of Microsoft Corp.’s Internet Explorer (IE) Web browser into downloading and running a malicious program by disguising it as an innocent file, a Finnish security company has warned.

The file name as it appears in the IE file download dialogue box can be faked by using certain URLs (Uniform Resource Locators) and HTTP (Hypertext Transfer Protocol) headers on a Web page, making the user think he is opening a media file when in fact he is installing a “back door” on his PC, according to Oy Online Solutions Ltd. A back door is a program that can be used by hackers to enter a user’s PC.

IE won’t show the warnings it typically displays when a program file is downloaded or opened, because the .exe file extension may have been hidden or replaced with another such as .txt or .htm. The file is run without any warnings because IE, just like the user, thinks it is a harmless file, Oy Online Solutions said.
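As an added illustration (not code from Oy Online Solutions, Microsoft or the original article), a download proxy or gateway can flag responses whose user-visible file name disagrees with what is actually delivered. The article names only "certain URLs and HTTP headers"; the use of the `Content-Disposition` header, the `MZ` executable signature check, the finding labels and the `example.test` URLs are assumptions made for this sketch.

```python
import os
import re
from urllib.parse import unquote, urlsplit

# Extensions Windows treats as directly runnable (illustrative, not exhaustive).
EXEC_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd"}

def _ext(name):
    return os.path.splitext(name.strip())[1].lower()

def _url_name(url):
    return unquote(urlsplit(url).path.rsplit("/", 1)[-1])

def displayed_name(url, headers):
    """Name a user is likely to see: header filename if given, else URL leaf."""
    cd = headers.get("Content-Disposition", "")
    m = re.search(r'filename\s*=\s*"?([^";]+)', cd, re.IGNORECASE)
    return m.group(1).strip() if m else _url_name(url)

def check_download(url, headers, body):
    """Return a list of reasons the shown name may not match the payload."""
    findings = []
    shown = displayed_name(url, headers)
    # DOS/PE executables start with the two bytes "MZ".
    if body[:2] == b"MZ" and _ext(shown) not in EXEC_EXTS:
        findings.append("executable-content-under-non-executable-name")
    # The URL says "program" but the header presents something harmless.
    if _ext(_url_name(url)) in EXEC_EXTS and _ext(shown) not in EXEC_EXTS:
        findings.append("url-and-header-name-disagree")
    return findings

# Constructed sample responses (not captured traffic).
SAMPLES = [
    ("http://example.test/media/clip.mp3",
     {"Content-Disposition": 'attachment; filename="clip.mp3"'},
     b"ID3\x03\x00\x00"),
    ("http://example.test/media/clip.mp3",
     {"Content-Disposition": 'attachment; filename="clip.mp3"'},
     b"MZ\x90\x00\x03\x00"),
    ("http://example.test/dl/setup.exe",
     {"Content-Disposition": "attachment; filename=readme.txt"},
     b"MZ\x90\x00\x03\x00"),
]

if __name__ == "__main__":
    for url, headers, body in SAMPLES:
        print(displayed_name(url, headers), check_download(url, headers, body))
```

A download that is honestly labelled as a program (for example `setup.exe` with no overriding header) produces no finding, since the user is not being misled about what the file is.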

Details of the vulnerability were first released on the Bugtraq mailing list in late November. Microsoft at the time did not consider it a flaw, but will now release a patch, Jyrki Salmi, managing director of the Finnish Internet security company, said on Thursday.

“Microsoft has forwarded us the initial patch. It appears to be working and should be available next week,” he said.

Salmi declined to say why Microsoft changed its mind. It has been suggested that the vulnerability could be exploited to automatically download and run programs on a user’s PC, without even showing a faked file name in a dialog box. Salmi wouldn’t confirm or deny this, saying only that it would become clear when the patch is released.

Affected are IE 5.0, 5.5 and 6, according to Salmi. Users are advised to disable file downloading or be very cautious about downloading files until the patch becomes available, said Salmi.

In general, users should be careful when downloading files from untrusted Web sites, Salmi said, adding that a trusted site could be hacked and thus dangerous as well.

Besides back doors, the vulnerability could also be exploited to install tools used in distributed denial of service (DDoS) attacks, format hard disks, or spread viruses, the Finnish security company said.

Oy Online Solutions Ltd. in Jyv
