ANSWER
VULNERABILITIES
C1. Web Browsers
C1.1 Description
Microsoft Internet Explorer is the world's most popular web browser and is installed by default on every
Microsoft Windows system. Unpatched or older versions of Internet Explorer contain multiple vulnerabilities
that can lead to memory corruption, spoofing and execution of arbitrary scripts or code. The most critical
issues are the ones that lead to remote code execution without any user interaction when a user visits a
malicious web page or reads a malicious email. Exploit code for many of these critical Internet Explorer
flaws is publicly available. In addition, Internet Explorer has been leveraged to exploit vulnerabilities in
other core Windows components such as HTML Help and the Graphics Rendering Engine. During the past
year, hundreds of vulnerabilities in ActiveX controls installed by Microsoft and other software vendors have
been discovered. These are also being exploited via Internet Explorer.
Mozilla Firefox is the second most popular web browser after Internet Explorer. It also has a fair share of
vulnerabilities. In 2007, Mozilla released several updates to address publicly disclosed vulnerabilities.
Similarly to Internet Explorer, unpatched or older versions of Firefox contain multiple vulnerabilities that
can lead to memory corruption, spoofing and execution of arbitrary scripts or code. The web sites exploiting
the browser vulnerabilities typically host several exploits, and even launch the appropriate exploit(s)
based on which browser the potential victim is using.
With the explosion of rich content in web sites, a parallel increase has been seen in the number of Browser
Helper Objects and third-party plug-ins used to access various MIME file types such as multimedia and
documents. These plug-ins often support client-side web scripting languages such as Macromedia Flash or
Shockwave. Many of these plug-ins are installed (semi-)transparently by a website. Users may thus not be
aware that an at-risk helper object or plug-in is installed on their systems. These additional plug-ins
introduce more avenues for hackers to exploit to compromise computers of users visiting malicious web
sites.
In October 2007, for example, systems running Windows XP and Windows Server 2003 with Windows Internet
Explorer 7 were found not to handle specially crafted Uniform Resource Identifiers (URIs) properly. By
creating a specially crafted URI in a PDF document attackers were able to execute arbitrary commands on
vulnerable systems.
While some plug-ins such as Adobe Reader and Quicktime perform version checks and provide an update
feature, these are often bothersome and ignored by users. It is often also difficult to detect which version of
a plug-in is installed. For example, systems may have different versions of Shockwave installed for reasons
of backward compatibility, but the user cannot easily discover which version or versions are running.
These flaws have been widely exploited to install spyware, adware and other malware on users' systems.
The spoofing flaws have been leveraged to conduct phishing attacks. In some cases, these vulnerabilities
were zero-days, i.e. no patch was available at the time the vulnerabilities were publicly disclosed. Many
reported plug-ins were also widely exploited by malicious web sites before patches were made available by
the vendor.
In 2007 alone, Microsoft released multiple updates for Internet Explorer:
• Cumulative Security Update for Internet Explorer (939653) (MS07-057)
• Vulnerability in Vector Markup Language Could Allow Remote Code Execution (938127) (MS07-050)
• Cumulative Security Update for Internet Explorer (937143) (MS07-045)
• Cumulative Security Update for Internet Explorer (933566) (MS07-033)
• Vulnerabilities in GDI Could Allow Remote Code Execution (925902) (MS07-017)
• Cumulative Security Update for Internet Explorer (931768) (MS07-027)
• Cumulative Security Update for Internet Explorer (928090) (MS07-016)
• Vulnerability in Vector Markup Language Could Allow Remote Code Execution (929969) (MS07-004)
Note that the latest cumulative update for Internet Explorer includes all the previous cumulative updates.
Also note that MS07-017 does not list vulnerabilities in Internet Explorer; however, the most common avenue
of exploitation is via Internet Explorer.
C1.2 Operating Systems Affected
While in theory any web browser on any operating system is vulnerable, the most common web browsers will
tend to be targeted most by attackers. The two most popular web browsers on the Internet today are
Microsoft Internet Explorer and Mozilla Firefox.
Internet Explorer 5.x, 6.x and 7 running on all versions of Windows are affected.
Firefox running on any version of compatible operating systems is potentially vulnerable.
As plug-ins are generally used to enable access to third party file formats, many plug-in vulnerabilities apply
to all compatible browsers on all operating systems. Any web browser running on any version of any
operating system is potentially vulnerable.
Step 2: Fill in information about the vulnerability:
Original release date: 2/13/2007
Last revised: 5/16/2007
Source: US-CERT/NIST
Overview:
Microsoft Internet Explorer 5.01, 6 and 7 use COM objects from Imjpcksid.dll as
ActiveX controls, which allows intruders to arbitrarily execute unknown
vectors.
Step 3: Fill in information about the vulnerability impact:
CVSS Severity: (Version 2.0):
Base Score: 9.3 (High)
Range: 8.6
Authentication: Does not require expansion
Impact Type: Provides administrator permission, allows complete
reliability, integrity and availability violation, allows unauthorized
access to information, allows interruption of service.
The next heading contains links with information about the vulnerability and
possible solutions.
Step 4: Using the hyperlinks, write a brief description of the
solution as found on those pages.
Answer: Apply the Microsoft updates from the security bulletins; these update
packages are also obtained through the distribution systems of Windows Server
Update Services (WSUS).
CCNA Exploration
Network Fundamentals:
Living in a Network-Centric World Activity 1.4.5 Identifying Top Security
Vulnerabilities
Task 4: Reflection
The number of vulnerabilities to computers, networks, and data continues to
increase. Governments have dedicated significant resources to coordinating
and disseminating information about the vulnerability and possible solutions. It
remains the responsibility of the end user to implement the solution. Think of
ways that users can help strengthen security. Think about user habits that create
security risks.
Answer:
• Keep the computer up to date.
• Download files from trusted pages.
• Install original software.
• Enable the operating system's built-in updates (firewall, daily
scan, up-to-date antivirus).
• Use Parental Control.
Task 5: Challenge
Try to identify an organization that will meet with us to explain how vulnerabilities
are tracked and solutions applied. Finding an organization willing to do this may be
difficult, for security reasons, but will benefit students, who will learn how
vulnerability mitigation is accomplished in the world. It will also give representatives
of the organization an opportunity to meet the class and conduct informal intern
interviews.