-----BEGIN PGP SIGNED MESSAGE----- Internet Security Systems Protection Alert June 25, 2004
Internet Explorer Cross-Zone Vulnerability Exploitation Summary: Active exploitation of a cross-zone privilege escalation vulnerability in Internet Explorer has been observed. This vulnerability is exploited to install spyware-like malicious applications on target systems. Web-sites are being actively compromised using the PCT1 overflow vulnerability. Web-browsing users are then compromised when visiting these web-sites which have been modified to serve malicious content. There is no vendor-supplied patch for Internet Explorer as of the time of publication, however ISS has shipped product protection for this issue. ISS Protection Strategy: ISS has provided preemptive protection for these vulnerabilities. We recommend that all customers apply applicable ISS product updates. Network Sensor 7.0, Proventia A and G: XPU 22.25 / June 21, 2004 HTTP_IE_ADODB_Stream_SaveToFile Proventia M: XPU 1.23 / June 21, 2004 HTTP_IE_ADODB_Stream_SaveToFile ISS has also provided protection for the PCT1 vulnerability used to compromise web-servers. This protection has been available for ISS customers since September 2003. Network Sensor 7.0, Proventia A and G: XPU 22.19 SSL_PCT1_Overflow Proventia M: XPU 1.17 SSL_PCT1_Overflow These updates are now available from the ISS Download Center at: http://www.iss.net/download. For customers that have not updated to the latest XPU, ISS is able to provide a custom rule to detect exploitation. This rule is available through your technical support representative. Business Impact: By exploiting a cross-zone privilege escalation in Internet Explorer, it is possible for an attacker to run arbitrary code on target systems. In order to exploit this vulnerability, a victim would have to visit or be somehow lured to a malicious or compromised website. Successful exploitation can be leveraged to gain complete control over target systems, and may lead to spyware installation, exposure of confidential information, or further network compromise. For the complete X-Force Protection Alert, please visit: http://xforce.iss.net/xforce/alerts/id/177 ______ About Internet Security Systems (ISS) Founded in 1994, Internet Security Systems (ISS) (Nasdaq: ISSX) is a pioneer and world leader in software and services that protect critical online resources from an ever-changing spectrum of threats and misuse. Internet Security Systems is headquartered in Atlanta, GA, with additional operations throughout the Americas, Asia, Australia, Europe and the Middle East. Copyright (c) 2004 Internet Security Systems, Inc. All rights reserved worldwide. Permission is hereby granted for the electronic redistribution of this document. It is not to be edited or altered in any way without the express written consent of the Internet Security Systems X-Force. If you wish to reprint the whole or any part of this document in any other medium excluding electronic media, please email xforceiss.net for permission. Disclaimer: The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information. X-Force PGP Key available on MIT's PGP key server and PGP.com's key server, as well as at http://www.iss.net/security_center/sensitive.php Please send suggestions, updates, and comments to: X-Force xforceiss.net of Internet Security Systems, Inc. -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBQNxl/DRfJiV99eG9AQFECgQAkqc4RHSfvuiso/uJLQt1NhzJD2Jws0uC IN4fqXZqv4bw+weiaNkGZ9rvBzmbI3tkbNSNDFpAHkG7i+EY+qMH0b9Ef3doWyFn zOrKmk8e6uFRT+AkqHSODMDCcj1UVcaChOjj6s5SsGzbN40TiU6qMb8//Lz7mAjR 5q1rxG0RN5Y= =ixPM -----END PGP SIGNATURE----- _______________________________________________ ISSForum mailing list [EMAIL PROTECTED] TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum To contact the ISSForum Moderator, send email to [EMAIL PROTECTED] The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.
