IE Vulnerabilities Patched

Microsoft Corp. Wednesday night issued a software hotfix to patch several new vulnerabilities in its Internet Explorer Web browser.

In a bulletin, which it dispatched to members of its security mailing list, Microsoft indicated that the new patch actually fixes three vulnerabilities that variously affect its Internet Explorer 5.01, 5.5 and 6.0 Web browsers.

According to Microsoft, the first vulnerability has to do with the way in which IE handles URLs that include so-called “dotless” IP addresses. Dotless IP addresses – which are commonly used by spammers – are 32-bit numbers that resolve into equivalent dotted IP formats.

Because of the way in which IE handles these addresses, Microsoft says, it’s possible that a malicious attacker could send a URL via e-mail or embedded within a Web page to entice a user to click on a malformed dotless IP address. An example would be http://3515228543/ (rather than or –- which would then trick IE into opening the site in its less secure “Intranet” zone context.

The software giant claims that an exploit of this kind is mitigated to some extent because the security restrictions associated with IE’s “Intranet” zone aren’t much more relaxed than those which apply to its “Internet” zone, and because the vulnerability affects only IE 5.01 and IE 5.5 and *not* IE 6.0. Microsoft patched a similar vulnerability in IE 4.x in October of 1998.
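As an added illustration (not part of Microsoft's bulletin or the original article), the following Python sketch shows how a mail or proxy filter could recognize a dotless IP host in a URL and report the dotted address it resolves to. It goes beyond the decimal form shown above to cover the hex and octal spellings that inet_aton-style parsers also accept; the function names and the sample URLs other than http://3515228543/ are constructed for the example.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# A dotless host is a single number: hex (0x...), octal (leading 0) or decimal.
_DOTLESS = re.compile(r"^(0x[0-9a-f]+|[0-9]+)$")


def dotless_to_dotted(host):
    """Return the dotted IPv4 form of a dotless numeric host, else None."""
    host = host.lower().rstrip(".")
    if not _DOTLESS.match(host):
        return None
    try:
        if host.startswith("0x"):
            value = int(host, 16)
        elif len(host) > 1 and host.startswith("0"):
            value = int(host, 8)   # raises ValueError if it contains 8 or 9
        else:
            value = int(host, 10)
    except ValueError:
        return None
    if value > 0xFFFFFFFF:         # wider than 32 bits, so not an IPv4 address
        return None
    return str(ipaddress.IPv4Address(value))


def flag_dotless_urls(urls):
    """Return (url, dotted_ip) for every URL whose host is a dotless IP."""
    findings = []
    for url in urls:
        host = urlsplit(url).hostname or ""
        dotted = dotless_to_dotted(host)
        if dotted is not None:
            findings.append((url, dotted))
    return findings


# Constructed sample: the article's URL plus made-up links for contrast.
SAMPLE_URLS = [
    "http://3515228543/",
    "http://0xD186217F/login",
    "http://www.example.com/",
    "http://192.0.2.10/",
    "http://intranet/",
]

if __name__ == "__main__":
    for url, dotted in flag_dotless_urls(SAMPLE_URLS):
        print(f"{url} -> {dotted}")
```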

The next vulnerability – which affects IE versions 5.01, 5.5 and 6.0 – has to do with the way in which IE processes URLs that refer to third-party Web sites. According to Microsoft, a malicious hacker could encode a URL “in a particular way” such that she could include spoofed HTTP requests which would be sent to a third-party Web site.

The software giant allows that if an attacker exploits this vulnerability against a Web-based service, she could “take action on the user’s behalf, including sending a request to delete data.” Microsoft claims that an attack of this kind would be “difficult to carry out,” however.

Like the dotless IP address exploit discussed above, the final vulnerability addressed in last night’s security bulletin represents a variation on a once-exploited theme -- in this case, the manner in which IE invokes TELNET sessions. By default, Microsoft says, IE will accept whatever command line options a referring Web site specifies when it invokes a TELNET session.

This particular vulnerability affects only the version of TELNET which ships with Microsoft’s Services for Unix (SFU) 2.0 software (running on either Windows NT 4.0 or Windows 2000). Because the SFU TELNET client includes an option that lets a user create a verbatim transcript of a TELNET session, the software giant acknowledges, it’s possible that an attacker could exploit IE to invoke a TELNET session with its command-line logging switch enabled.

The result would be that she could then “stream an executable file onto the user’s system in a location that would cause it to be executed automatically the next time the user booted the machine,” the security bulletin indicates. The result, of course, is that an attacker could run arbitrary code on a compromised server.

Microsoft stressed that this vulnerability affects only the TELNET client that ships with SFU 2.0. The software giant says that IE versions 5.01, 5.5 and 6.0 are vulnerable to this exploit.

About the Author

Stephen Swoyer is a Nashville, TN-based freelance journalist who writes about technology.

