IE exposing URLs to msn.com and alexa.com?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Has anyone been able to verify this?

http://www.secunia.com/advisories/8955/

Internet Explorer Exposes Sensitive Information

Release Date:
2003-06-06

Critical:
Moderately critical

Impact:
Exposure of sensitive information

Where:
 From remote

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

Software:
Microsoft Internet Explorer 6

Description:
A vulnerability has been identified in Internet Explorer, which exposes sensitive information to "msn.com" and "alexa.com".

  While this is a known "feature" when the "Show Related Links" option is activated in Internet Explorer, there is a bug, so that Internet Explorer will keep transmitting the information to "msn.com" and "alexa.com" after "Show Related Links" has been de-activated. This occurs whenever "Ctrl+R" is used to reload a page.

  To make matters worse, it has been confirmed that this behaviour also affects SSL enabled pages. One thing is that Microsoft has chosen to make a "feature", which reveals this information to "msn.com" and "alexa.com", but the fact that information, which was supposed to be protected by SSL and sent only to one site, is sent in plain text to a third party ("msn.com" and "alexa.com") is of great concern.

  The data transmitted to "msn.com" and "alexa.com" is the complete URL. In some cases this could contain sensitive information such as username, password, session id, search string, "secret paths", and more.

  The vulnerability has been confirmed for Internet Explorer 6 on Windows 2000 and Windows XP with all Service Packs and hotfixes.

  It is Microsoft that controls who else than "msn.com" should receive this information. Microsoft could at any time choose to send this information to another party than "alexa.com".

Solution:
We recommend that you filter traffic at your perimeter so that no data may be sent to "msn.com" and "alexa.com".

Do you need more help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

  Make sure that you don't use the "Show Related Links" feature or that you close your browser after you have used it.

  For other alternative solutions see "Other References".

Reported by / credits:
Mike Shepherd

Changelog:
2003-06-09 Minor correction. Added link to alternative solutions.

Other References:
http://www.imilly.com/alexa.htm#subvert

Stewart Smith
stewart@gammasolutions.com
Programmer / UNIX Sys Admin

Gamma Solutions Pty Ltd
Monash Corporate Centre,
Unit 11, 20 Duerdin Street,
Clayton, Victoria 3168

Phone:  +61 3 9562 7755
Fax:    +61 3 9562 7766
Mobile: +61 4 3884 4332

iD8DBQE+7mZZFtJC9tN9SokRAo1zAJ93g0roDJlfeZXSI5CQXY99X5t+ZgCgl9Wq kK3vp6lnViXndwoYPkXrj0E=
=3zvI
-----END PGP SIGNATURE-----
Received on Thu Jun 19 13:02:05 2003

Can we help you?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek