'Treasure hunt' ends after hacker releases IE attack code
One week after hiding Internet Explorer attack code, security researcher Aviv Raff has posted details on how to launch the attack.
The bug lies in the "Print Table of Links" feature, which lets IE users print out a web page along with a list of all the links on the page tacked onto the end. Raff discovered that if an attacker added special scripting code to a web page, he could then run unauthorised software on the PCs of IE users who printed using this feature.
The flaw affects IE 7 and IE 8, Raff said. Security vendor Secunia said that the bug also affects IE 6.
Because the hack requires that the user be tricked into following so many steps - not only visiting a web page, but then printing a page with this feature selected - Secunia has rated it as a "less critical."
Raff said that the flaw could be a more serious issue if hackers were to add the code to web pages that were frequently printed out, such as those on Wikipedia.
The bug has not been patched by Microsoft, which was notified of the issue just last week.
Raff disclosed the flaw in an unusual way, embedding it in his own website and then inviting other hackers to come and find it. He called this a "treasure hunt."
The Israeli hacker said that the treasure hunt idea came from a local custom of playing such games during Israel's Independence Day. The contest was won Tuesday by someone calling himself "George the Greek."
Microsoft didn't get much time to fix the vulnerability, but Raff said he didn't feel that Microsoft would address the issue quickly unless he went public with the vulnerability.
When he has followed Microsoft's responsible disclosure guidelines in the past, the company has been too slow to fix bugs, he said.
Reproduced from an article published by Techworld.com
© Techworld.com
The original article can be viewed here:
http://www.techworld.com/security/news/index.cfm?NewsID=101521
Permalink Bookmark Digg this story
