- Recommend:
Malformed Dotless IP Address Security Patch
- Downloads Count: 6,766
- License Type: Free
- Price: Free
- Date Added: Oct 30, 2002
- Operating Systems: Microsoft Windows NT 4.0, Microsoft Windows 2000, Microsoft Windows 98, Microsoft Windows ME, Microsoft Windows 98, Microsoft Windows ME, Microsoft Windows XP
- Author: Microsoft
Description of Malformed Dotless IP Address Security Patch
This patch eliminates three bugs affecting Internet Explorer. One deals with dotless IP addresses (for example, http://031713501415 rather than http://207.46.131.13). Through this bug, your browser would not recognize the page as an Internet page, but as an Intranet page, and the page would run with fewer security restrictions as a result.
The second bug the app fixes involves how IE handles URLs that specify third-party sites. By encoding an URL in a particular way, it would be possible for an attacker to include HTTP requests that would be sent to the site as soon as a connection had been established. These requests would appear to have originated from the user. If exploited against a Web-based service (for example, a Web-based mail service), it could be possible for the attacker to take action on the user's behalf, including sending a request to delete data.
The third bug fixed is a new variant of a former vulnerability discussed in Microsoft Security Bulletin MS01-015, affecting how Telnet sessions are invoked via IE. By design, telnet sessions can be launched via IE. However, a vulnerability exists because when doing so, IE will start Telnet using any command-line options the Web site specifies. This only becomes a concern when using the version of the Telnet client that installs as part of Services for Unix (SFU) 2.0 on Windows NT 4.0 or Windows 2000 machines.
The version of the Telnet client in SFU 2.0 provides an option for creating a verbatim transcript of a Telnet session. An attacker could start a session using the logging option, then stream an executable file onto the user's system in a location that would cause it to be executed automatically the next time the user booted the machine. The flaw does not lie in the Telnet client, but in IE, which should not allow Telnet to be started remotely with command-line arguments.
Sponsored
-
DiskLogon adopts the latest identification and authentication technologies, allowing you to use your memory card, USB Pen Drive or MP3 Player to log on to your computer.
-
Get bug fixes and recently added features for IE.
-
Control how your browser reads Web pages.
-
Stop hackers from executing code on your PC.
-
Prevent an attacker from running dangerous code on your PC.
-
Send instant audio, text, and video messages over the Net.
-
Prevent snoopers from viewing your passwords and browsing history.
-
Enhance Internet searches via Internet Explorer directly from the address bar.
-
Fix all of the known security bugs in Internet Explorer 5.5 and 6.
-
Search in a whole new way using a visual representation of the Internet.
-
IdeaPad U300s If there's a laptop that deserves the moniker "Ultrabook" it's the Lenovo IdeaPad U300s.
Buy now direct from Lenovo -
ThinkPad X220 Fast and light, with great input ergonomics and battery life, this powerhouse ultraportable is best-of-breed.
Buy now direct from Lenovo -
ThinkPad T420 Just about every IT person we know swears by the T series--for their clients and themselves.
Buy now direct from Lenovo
Ad Choices