Secure Target Network (Security Advisory December 31, 2003)
Topic: New IE Thread crashes by WU
Discovery Date: December 30, 2003
Original Advisory
External: Full-Disclosure
Affected applications and platforms:
Microsoft Internet Explorer 6 Service Pack 1
Introduction:
Any time you open your Windows Update (WU / wupdmgr.exe) and go to “Scan for Updates”; it takes a couple of minutes (based on your system and Net performances) for Microsoft scripting tasks to gather information from your fixing/patching data on your machine.
A security bug exist because when you are in the period which WU scanning your host, you cannot open any New IE windows from some applications and opening this new window just takes time, as long as WU ending its scanning, and it means hanging.
First, it is a security bug because it faces with availability of a component on a windows box. Second, it happens when you open a new IE window from these two situations below:
1. Opening a new IE window by clicking on a hyper link in OE.
2. Opening a new IE window by clicking on a hyper link in IE.
Remember that for facing with this issue, you shouldn’t have an old IE Thread opened from OE or IE before.
Exploit:
This bug may not provide an opportunity to threat a windows box machine with attacks and exposures but it may cause DoS anyway.
Workaround:
The easiest way to work around this vulnerability is just let WU finishing its scanning and then work with IE and OE as usual.
Tested on:
Internet Explorer 6 Service Pack 1 (6.0.2800.1106) and Outlook Express 6.00.2800.1123 on Windows XP Service Pack 1
Feedback:
Kaveh Mofidi ( Admin (at) SecureTarget [dot] net )
Secure Target Network (Security Consulting/Training Group