Virus Information Center
 Online HelpDesk Home
 Security Information
 Members Only Home
 Check Your Email

.Member Services Team
.HelpDesk/Tech Support





First Step Internet Security Alert

Cyber Security Alert SA04-163A
Cross-Domain Vulnerability in Internet Explorer

Original release date: June 11, 2004
Last revised: --
Source: US-CERT

Systems Affected
Microsoft Windows systems

Overview
Microsoft Internet Explorer (IE) contains a flaw that could allow attackers to run programs of their choice on your computer.

Description
Microsoft IE uses a cross-domain security model to separate content from different sources. A flaw in the model makes IE vulnerable to a cross-domain violation. Attackers could exploit this flaw to execute programs on your computer.

Resolution

  • Apply a patch
    Although a patch is not yet available for this issue, it is a good practice to use Microsoft Windows Update to help ensure the security of your computer.

  • Disable Active scripting and ActiveX Controls
    Instructions for disabling Active scripting and ActiveX controls in the Internet Zone can be found in the Malicious Web Scripts FAQ.

  • Do not follow unsolicited links
    Do not click on unsolicited URLs received in email, instant messages, web forums, or internet relay chat (IRC) channels.

  • Run and maintain an antivirus product
    It is important that you use antivirus software and keep it up to date. Most antivirus software vendors frequently release updated information, tools, or virus databases to help detect and recover from virus infections. Many antivirus packages support automatic updates of virus definitions. US-CERT recommends using these automatic updates when possible.
References

* US-CERT Technical Alert TA04-163A -
<http://www.us-cert.gov/cas/techalerts/TA04-163A.html>

* Vulnerability Note VU#713878 -
<http://www.kb.cert.org/vuls/id/713878>

* Microsoft Windows Update -
<http://windowsupdate.microsoft.com/>

* Malicious Web Scripts FAQ -
<http://www.cert.org/tech_tips/malicious_code_FAQ.html>

* Protect Your PC -
<http://www.microsoft.com/security/protect/default.asp>

Author: Michael Durkota
_________________________________________________________________

Copyright 2004 Carnegie Mellon University.
Terms of use: <http://www.us-cert.gov/legal.html>

_________________________________________________________________

Feedback: <mailto:cert@cert.org>
Please include the Subject line "SA04-104A Feedback VU#667571".
_________________________________________________________________

The most recent version of this document can be found at:
<http://www.us-cert.gov/cas/alerts/SA04-163A.html>

_________________________________________________________________

Revision History
 June 11, 2004: Initial release