Exploit for Unpatched Internet Explorer vulnerability



Well… buckle your seatbelts, it’s going to be a bumpy start to the week.

The SecurityFix as well as Incidents.org are reporting on exploit code that has been released that takes advantage of an unpatched Internet Explorer vulnerability. According to the SANS Institute diary entry, they have tested the exploit code and it remotely launched the calculator application, so this is a remote code execution vulnerability and can have SERIOUS consequences.


The exploit is in IE’s JavaScript, so one workaround is to disable JavaScript in IE. Another way is to use a different browser. No joke. Opera, Mozilla Firefox, or Netscape are all safe alternatives for this exploit. Of course, my favorite is Firefox…

Incidents.org notes that future JavaScript vulnerabilities could be found that affect other browsers such as Firefox. As always, keep current on updates; it pays to tune into a site such as the SecurityFix or Incidents.org (SANS Institute), or here. I cannot guarantee that I’ll be getting things out as fresh as the two above, though.

There is currently NO PATCH OR UPDATE for this Explorer vulnerability and it allows remote code execution. So, a malicious website could exploit it to remotely install spyware or adware for instance. If you browse with Internet Explorer right now, you are running a fair risk.

This would be what’s called a 0-day (zero-day) exploit, one that takes advantage of a previously unknown or unpatched vulnerability.

–update 12:03PM EST–

I’m seeing reports of the exploit code causing browser crashes, so it may be that it’s not 100% “effective” at the remote software execution. It still should be considered very serious. Secunia rates it at the highest severity, “extremely critical”. It appears that this is a revision of an earlier vulnerability (the earlier vulnerability was reported as a Denial of Service attack vulnerability; this new angle ups the ante to remote code execution).

–update 7:26PM EST–

The SANS Institute has raised the Infocon to Yellow in light of the issue this afternoon. (You may notice the bar on the bottom of these pages.) They also have reports that the DoS (Denial of Service) attack affects Safari on OS X, but haven’t been able to duplicate it on either 10.3 or 10.4…

According to Microsoft, Windows Server 2003 and Server 2003 SP1 running in Enhanced Security Configuration (their default) are unaffected; at this point all others should be expected to be at risk.

–update 11:54PM EST–

Here’s the link to Microsoft’s advisory.
