Security
Written by Daniel
Tuesday, 26 January 2010 19:03
From Dark Reading
Microsoft investigating threat, considering patch or offering guidance for protection
A researcher at Black Hat DC next week will demonstrate how an attacker can steal files from a victim's machine by abusing a combination of actual features in Internet Explorer.
Jorge Luis Alvarez Medina, a security consultant with Core Security Technologies, says popular features in IE, such as URL Security Zones and IE's SMB file-sharing protocol, can together be abused to execute an attack that lets the attacker read all files on the victim's machine. Medina plans to release proof-of-concept code for the attack next month after Black Hat DC, and after Microsoft issues a security update for the attack, which affects IE Versions 6 and above, he says.
"These vulnerabilities are just features ... the implementation of the features allows you to obtain certain information which by itself is harmless. But when combined together with other features, it renders an attack vector," Medina says. The attack requires that the user click on a malicious link.
Microsoft had previously patched two vulnerabilities in URL Security Zones, initially discovered by Core, that allow an attacker to cheat the security zones feature. But the patches don't prevent this new attack, Medina says.