Infocon goes to yellow because of new IE vulnerability.
-------------------------------
http://isc.sans.org/diary.php?date=2006-03-23
Handler's Diary March 23rd 2006
IE exploit on the loose, going to yellow (NEW)
Published: 2006-03-23,
Last Updated: 2006-03-23 20:18:59 UTC
by Jim Clausing (Version: 1)
Folks, as Lorna predicted yesterday, it didn't take long for
the exploits to appear for that IE vulnerability. One has been
making the rounds that pops the calculator up (no, I'm not
going to point you to the PoC code, it is easy enough to find
if you read any of the standard mailing lists), but it is a
relatively trivial mod to turn that into something more
destructive (in fact, one of our readers has provided us with a
version that he created that is more destructive). For that
reason, we're raising Infocon to yellow for the next 24 hours.
Workarounds/mitigation:
Microsoft has posted this and suggests that turning off Active
Scripting will prevent this exploit from working. You could,
of course, always use another browser like Firefox or Opera,
but remember that IE is so closely tied to other parts of the
OS, that you may be running it in places where you don't
realize you are.
One of our readers asked whether DropMyRights from Microsoft
would provide any protection. We haven't had an opportunity to
test that out.
I understand a snort signature to detect the exploit has been
checked in to bleeding-snort, I'll update the story with a URL
for the sig as soon as I find it.
References:
Original Secunia bulletin: http://secunia.com/advisories/18680/
Microsoft blog:
http://blogs.technet.com/msrc/archive/2006/03/22/422849.aspx
-------------------------------
<http://isc.sans.org/diary.php?date=2006-03-22>
New IE Vulnerability
Published: 2006-03-22,
Last Updated: 2006-03-22 19:30:08 UTC
by Lorna Hutcheson (Version: 1)
There is a new exploit for Internet Explorer that was released
by Secunia today. The exploit allows for arbitrary code
execution. From the Secunia advisory:
"The vulnerability is caused due to an error in the processing
of the "createTextRange()" method call applied on a radio
button control. This can be exploited by e.g. a malicious web
site to corrupt memory in a way, which allows the program flow
to be redirected to the heap."
In simpler terms, its a heap overflow just waiting to happen. I
doubt will have to wait long for exploit code to be published.
There are no security workarounds at this time. We will keep
you posted if we find out any additional information.
-------------------------------
--
----------------------------------------
To unsubscribe, mailto: [EMAIL PROTECTED]
Is your picture included in the Official Win-Home List Members Profiles Page?
http://www.besteffort.com/winhome/Profiles.html
If not, write to: [EMAIL PROTECTED]
