SOURCE: Cenzic

December 17, 2007 08:05 ET

Cenzic Discovers Vulnerabilities and Potential Threats in Google and Microsoft Software

Attacker Could Exploit Threats and Expose Victim's Sensitive Information

SANTA CLARA, CA--(Marketwire - December 17, 2007) - Cenzic Inc., the leading provider of application security vulnerability assessment and risk management solutions, today published an advisory regarding vulnerabilities in Google Gmail and Microsoft Internet Explorer that could severely impact email systems and user privacy.

Researchers at Cenzic discovered that a possible cross-site request forgery, in combination with the improper use of caching directives, could lead to cross-site scripting and leakage of sensitive information. A hacker could exploit this vulnerability to access a target's confidential information. These vulnerabilities could also put at risk all users of a shared computer who use Internet Explorer under a shared user account, a common practice at computer kiosks in a library or Internet café.

"These vulnerabilities demonstrate the serious threats in common services that users take for granted as being safe and secure," said Mandeep Khera, VP of marketing at Cenzic. "There's an obvious need for these threats to be handled in a proactive and timely manner. While large vendors like Microsoft and Google are being more aggressive in taking measures to protect their applications, we still have a long way to go. For smaller ISVs and corporations, the situation is more bleak when it comes to application security."

Vulnerability specifics:

Google Gmail -- Cenzic discovered a possible cross-site request forgery (CSRF) on URLs that display attachments when viewed using "View as HTML." CSRF, in combination with the improper use of caching directives, could lead to leakage of sensitive information that, when used in conjunction with the vulnerability in Internet Explorer described below, could instigate cross-site scripting issues. Cross-site scripting can lead to various exploits, such as credential theft, that can give an attacker active unauthorized access to the system.

Microsoft Internet Explorer -- Cenzic uncovered that improper use of caching directives, combined with incorrect access checks on cached Internet Explorer files, could lead to cached files being maliciously modified to create a cross-site scripting vulnerability. This cross-site scripting vulnerability could be exploited so that all users of a shared computer who use Internet Explorer and share a user account are vulnerable. This is a common scenario in cyber cafes and computer kiosks found at various airports, hotels, etc.

Under the guidelines of its responsible vulnerability disclosure policy, Cenzic analysts alerted Google and Microsoft of the issue in November and alerted CERT. It is Cenzic's policy to give at-risk vendors ample time to resolve the issue before disclosing details so that the at-risk site is not attacked. In addition, a client workaround is available. Clients should disable caching of pages at the browser level, which will prevent any page from being cached and viewed later, although it may adversely affect the browsing experience.

About Cenzic

Cenzic is the innovative leader of next-generation application security assessment and risk management solutions that quickly and accurately find more "real" application vulnerabilities in both legacy Web 1.0 and Web 2.0 applications. The Cenzic suite of application security solutions fits the needs of any company, from remote Software as Service (ClickToSecure®) for testing one or more applications to a full enterprise-wide solution (Cenzic Hailstorm® Enterprise ARC) for effectively managing application security risks across an enterprise. Cenzic solutions, targeted at financial services, e-retail, high-tech, energy, healthcare and government sectors, are the most accurate, comprehensive and extensible in the industry, empowering organizations to stay on top of unrelenting application security threats.

Contact Information

  • Contact:
    Tami Casey
    Kulesa PR for Cenzic
    (650) 340-1984