New Microsoft Flaw

Discussion in 'other security issues & news' started by Starrob, Aug 18, 2005.

Thread Status:
Not open for further replies.
  1. Starrob

    Starrob Registered Member

    Joined:
    Apr 14, 2004
    Posts:
    493
    Starrob, Aug 18, 2005
    #1
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    164,083
    Location:
    Texas
    Microsoft Warns of IE Zero-Day Exploit

    Story
     
    ronjor, Aug 18, 2005
    #2
  3. Tom772

    Tom772 Guest

    Re: Microsoft Warns of IE Zero-Day Exploit

    Once again, i owe you a beer!!;) T
     
    Tom772, Aug 18, 2005
    #3
  4. Kye-U

    Kye-U Security Expert

    Joined:
    Jun 11, 2004
    Posts:
    481
    Re: Microsoft Warns of IE Zero-Day Exploit

    For Proxomitron users, a workaround:

    Code:
    [Patterns]
Name = "IE: Msdds.dll Class ID Exploit Remover [Kye-U]"
Active = TRUE
URL = "(^$TYPE(css))"
Limit = 64
Match = "clsid:EC444CB6-3E7E-4865-B1C3-0DE72EF39B3F"
Replace = "$ALERT(Msdds.dll Class ID Exploit Removed on:\n\n\u)"
     
    Kye-U, Aug 18, 2005
    #4
  5. Notok

    Notok Registered Member

    Joined:
    May 28, 2004
    Posts:
    2,969
    Location:
    Portland, OR (USA)
    Re: Microsoft Warns of IE Zero-Day Exploit

    I submitted the MS page with all the CLSIDs to Online Armor, so hopefully the appropriate ones will be added to it's web shield soon :)
     
    Notok, Aug 19, 2005
    #5
  6. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    164,083
    Location:
    Texas
    'Killbit' Workaround for Zero-Day IE Flaw Available

    Link
     
    ronjor, Aug 19, 2005
    #6
  7. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    For those users of programs such as Spywareblaster which has the capability to add custom ActiveX kill-bits....they can add the below CLSID which will set the "killbit" for msdds.dll.

    EC444CB6-3E7E-4865-B1C3-0DE72EF39B3F

    As noted in the Sans article....[​IMG] "Of course, this will break ActiveX applications which use msdds.dll legitimately. Use at your own risk, and let us know if you find any such ActiveX applications."
     
    Bubba, Aug 19, 2005
    #7
  8. Tom772

    Tom772 Guest

    Bubba, does any of this affect usrs of Firefox, or does this just relate to IE or the Operating System in general?

    Thanx T
     
    Tom772, Aug 20, 2005
    #8
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...