Firefox is not alone in the critical vulnerability front today. Internet Exploder Explorer has a validation flaw as well. Thor Larholm has posted an exploit PoC on his site.

There is an input validation flaw in Internet Explorer that allows you to specify arbitrary arguments to the process responsible for handling URL protocols. This is the same type of input validation vulnerability that I discovered in the Safari 3 beta (see “Safari for Windows, 0day exploit in 2 hours“).

When Firefox is installed it registers a URL protocol handler called “FirefoxURL”. A typical shell open command for this handler is as follows:

[HKEY_CLASSES_ROOT\FirefoxURL\shell\open\command\@]
C:\\PROGRA~1\\MOZILL~2\\FIREFOX.EXE -url “%1″ -requestPending

When Internet Explorer encounters a reference to content inside the FirefoxURL URL scheme it calls ShellExecute with the EXE image path and passes the entire request URI without any input validation.

Article Link

[tags]IE Exploit, Internet Explorer Exploit, Validation Flaw, 0 Day[/tags]

Leave a Reply

Your email address will not be published. Required fields are marked *