Bugs and Fixes: Holey Browsers--Make Yours Secure
Plug browser holes, fix Win Me's System Restore, cure a TiVo bug.
Stuart J. Johnston
From the July 2001 issue of PC World magazine
Posted Monday, May 21, 2001
Remember the browser wars? In the Web's early days, Netscape and
Microsoft fought tooth and nail to deliver the best browser. These days,
though, the news is more often about whose browser is most buggy.
Unfortunately, this contest appears to be a dead heat between Netscape and
Internet Explorer.
A few months ago, Netscape released a new plug-in for its 4.7x
browsers--SmartDownload 1.3, which is supposed to simplify the process of
downloading and installing new files. Netscape's plug-in works with other
companies' browsers, including IE--versions 4.0 through 5.5--and several Linux
browsers.
However, a hole in SmartDownload 1.3 could let an attacker take over
your PC. The hacker could do anything you can do on your computer, such as
access your files. According to bug hunter Fred Swiderski, the problem revolves
around an "unchecked buffer." If you have SmartDownload 1.3 installed, a
malicious operator can access your machine by sending a buffer too many
characters for it to handle.
Researchers at SecurityFocus.com, who also
discovered the flaw, point out that if you click a link on a Web page that has
an attack program lurking behind it, the hacker can take charge of your PC. So
far, no real-world instances of this type of attack have been reported.
Netscape released SmartDownload
1.4 to fix the problem; you can also download version
1.4 from our Downloads library. (If your system has
SmartDownload 1.2 or earlier, your PC isn't vulnerable.) Also check out
Netscape's security
bulletin. In the meantime, stay away from sites you're not sure
you can trust. Better safe than sorry.
Latest Leak in Internet Explorer
Microsoft isn't off the hook this month. In the past, it has
acknowledged and fixed bugs quickly. This time, though, the company is slow to
provide a solution.
Veteran bug sleuth Georgi Guninski discovered a trick whereby a bad
guy could disguise a dangerous executable file as something innocuous, like a
common text file. If you click on such a file as an attachment in an e-mail
message, IE steps in to open the file--and you may thereby be giving control of
your computer to a wild program.
The deception takes advantage of an obscure feature of IE 5 called a
Class ID that lets attackers create a fake extension, such as .txt, .bmp, or
.gif, for a file intended to do your PC harm. The program that falsifies the
extension is called an HTML application, or HTA.
At the time of this writing, Microsoft says it is still investigating
the problem. For now, if you right-click the name of a file you receive in an
e-mail message and choose Properties, a dialog box will display the
file's true type. If the item looks like file.txt but Properties tells you it's really file.hta, delete the e-mail immediately.
| 
