SOURCE: Cenzic
December 17, 2007 08:05 ET
Cenzic Discovers Vulnerabilities and Potential Threats in Google and Microsoft Software
Attacker Could Exploit Threats and Expose Victim's Sensitive Information
SANTA CLARA, CA--(Marketwire - December 17, 2007) - Cenzic
Inc., the leading provider of application security vulnerability assessment
and risk management solutions, today published an advisory regarding
vulnerabilities in Google Gmail and Microsoft Internet Explorer that could
severely impact email systems and user privacy.
Researchers at Cenzic discovered that a possible cross-site request forgery,
in combination with the improper use of caching directives, could lead to
cross-site scripting and leakage of sensitive information. A hacker could
exploit this vulnerability to access a target's confidential information.
These vulnerabilities could also be exploited such that all users of a
shared computer, who use Internet Explorer and share a user account -- a
common practice at computer kiosks in a library or Internet café -- could
be vulnerable.
"These vulnerabilities demonstrate the serious threats in common services
that users take for granted as being safe and secure," said Mandeep Khera,
VP of marketing at Cenzic. "There's an obvious need for these threats to be
handled in a proactive and timely manner. While large vendors like
Microsoft and Google are being more aggressive in taking measures to
protect their applications, we still have a long way to go. For smaller
ISVs and corporations, the situation is more bleak when it comes to
application security."
Vulnerability specifics:
Google Gmail -- Cenzic discovered the possible Cross-site Request Forgery
(CSRF) on URLs that display attachments when viewed using "View as HTML."
CSRF, in combination with the improper use of caching directives, could
lead to leakage of sensitive information that, when used in conjunction
with the vulnerability in Internet Explorer described below, could
instigate cross-site scripting issues. Cross-site scripting can lead to
various exploits, such as credential theft, that can give an attacker active,
unauthorized access to the system.
Microsoft Internet Explorer -- Cenzic uncovered that improper use of
caching directives, combined with incorrect access checks on cached
Internet Explorer files, could lead to cached files being maliciously
modified to create a cross-site scripting vulnerability. Cross-site
scripting can be exploited such that all users of a shared computer who
use Internet Explorer and share a user account could be vulnerable. This
is a common scenario in cyber cafes and at computer kiosks found in
airports, hotels, etc.
Under the guidelines of its responsible vulnerability disclosure policy,
Cenzic analysts notified Google and Microsoft of the issue in November and
also alerted CERT. It is Cenzic's policy to give at-risk vendors ample time
to resolve an issue before disclosing details, so that the at-risk site is
not attacked. In addition, a client-side workaround is available. Clients
should disable caching of pages at the browser level, which will prevent any
page from being cached and viewed later, although it may adversely affect
the browsing experience.
About Cenzic
Cenzic is the innovative leader of next-generation application security
assessment and risk management solutions that quickly and accurately find
more "real" application vulnerabilities in both legacy Web 1.0 and Web 2.0
applications. The Cenzic suite of application security solutions fits the
needs of any company, from a remote Software as a Service offering
(ClickToSecure®) for testing one or more applications to a full
enterprise-wide solution (Cenzic Hailstorm® Enterprise ARC) for effectively
managing application
security risks across an enterprise. Cenzic solutions, targeted at
financial services, e-retail, high-tech, energy, healthcare and government
sectors, are the most accurate, comprehensive and extensible in the
industry, empowering organizations to stay on top of unrelenting application
security threats.