This one is apparently bad. Code is in the wild and they expect for
some to start exploiting it. All versions of IE are affected except for
the IE 7 beta 2 that was released 4 days ago. There are no patches out
yet for the other versions of the browser. You cannot be infected
through Outlook or Outlook Express, but they do believe that attackers
might trick users to click on links from E-mail messages as a way of
propagating.

Based on experience, I would expect for the exploit to be delivered by
plain/text or text/html messages that contain a link to an IP address,
which would be another infected computer. Other such exploits have
followed this path, though they have been mostly unsuccessful. This can
however be a very effective way of delivering viruses since newly
infected computers aren't as likely to be blacklisted, and virus
scanners mostly won't pick this up. Declude using PRESCAN ON won't scan
such messages, but I and some others have asked that PRESCAN ON be
triggered by any linked IP address in the body of a message so that
scanners can be called on phishing and linked viruses such as this
potential exploit. I would like to request that again from Declude, but
in the meantime, I will cross my fingers and hope that this potential
never materializes. Note that PRESCAN ON saves about 50% or more CPU
utilization when using two scanners, so turning it off isn't practical
for many of us.

Microsoft Security Advisory (917077)
Vulnerability in the way HTML Objects Handle Unexpected Method Calls
Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/advisory/917077.mspx

Matt
---
This E-mail came from the Declude.Virus mailing list.
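
The trigger requested in the message above (call the scanners on any message whose body links to a bare IP address), sketched as an added example; it is not part of the original post and is not Declude's code. The function names and the sample message are constructed for illustration, and the check also covers IPv6 literals and single-integer IPv4 hosts, which the post does not mention.

```python
import ipaddress
import re
from email import message_from_string, policy
from urllib.parse import urlsplit

# Matches http/https/ftp URLs in plain text and inside HTML attributes.
URL_RE = re.compile(r"""(?:https?|ftp)://[^\s"'<>]+""", re.IGNORECASE)

def host_is_ip(host):
    """True if host is an IPv4/IPv6 literal or a single-integer IPv4 form."""
    if not host:
        return False
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        # Browsers also accept one decimal integer as an IPv4 address.
        return host.isascii() and host.isdigit() and int(host) <= 0xFFFFFFFF

def ip_links(raw_message):
    """Return URLs in text/plain and text/html parts whose host is an IP."""
    msg = message_from_string(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.get_content_type() not in ("text/plain", "text/html"):
            continue
        for url in URL_RE.findall(part.get_content()):
            try:
                host = urlsplit(url).hostname
            except ValueError:  # malformed bracketed host
                continue
            if host_is_ip(host) and url not in hits:
                hits.append(url)
    return hits

def needs_scan(raw_message):
    """Hypothetical pre-scan hook: force a scan when an IP link is present."""
    return bool(ip_links(raw_message))

# Constructed sample message; 192.0.2.0/24 is a documentation-only range.
SAMPLE = """\
Subject: You have received a greeting card
Content-Type: text/html; charset="us-ascii"

<a href="http://192.0.2.15/card.htm">View your card</a>
<a href="http://www.example.com/faq">FAQ</a>
"""
if __name__ == "__main__":
    print(ip_links(SAMPLE), needs_scan(SAMPLE))
```
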