Critical IE bug in the wild.

Discussion in 'other security issues & news' started by JayK, Feb 23, 2004.

Thread Status:
Not open for further replies.
  1. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    Critical IE bug in the wild!

    Microsoft Internet Explorer has been reported prone to an unspecified vulnerability when handling CHM files. The issue is reportedly exploitable to provide for automatic delivery and execution of an arbitrary executable. This would occur when malicious web content is rendered in Internet Explorer.

    It has been reported that this vulnerability is actively being exploited as an infection vector for malicious code that has been temporarily dubbed 'Ibiza'.

    Workaround:
    It may be possible to work around this issue by renaming the following registry entry; this, however, has not been confirmed:

    HKEY_CLASSES_ROOT\PROTOCOLS\Handler\ms-its

    This may not eliminate the vulnerability but using a different name for the handler may mitigate existing exploits.

    Disabling the execution of CHM files may help mitigate this issue as well.




    Solution:
    Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com.


    http://www.securityfocus.com/archive/1/354447/2004-02-19/2004-02-25/0
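
A defender-side check, added here as an example and not part of the original post or the SecurityFocus advisory: it scans saved HTML (for instance from a proxy cache) for attribute values or script bodies that use the ms-its handler named in the workaround as a URL scheme. The sample pages and the file name placeholder.chm are constructed.

```python
import re
from html.parser import HTMLParser

HANDLER = "ms-its"  # handler name from the registry key quoted in the post
# Some URL parsers ignore tab/CR/LF inside a URL, so drop them before matching.
_IGNORED = re.compile(r"[\t\r\n]")
_SCHEME = re.compile(r"(?<![a-z0-9+.\-])" + re.escape(HANDLER) + ":", re.I)

# Constructed sample pages; placeholder.chm is a made-up file name.
SAMPLE_PAGES = {
    "clean.html": '<a href="help/index.html">Help</a><p>Rename the ms-its: key</p>',
    "plain.html": '<object data="ms-its:placeholder.chm::/topic.htm"></object>',
    "encoded.html": '<iframe src="&#77;S-ITS:placeholder.chm::/topic.htm"></iframe>',
    "script.html": '<script>window.open("ms-its:placeholder.chm::/topic.htm")</script>',
}


class HandlerRefFinder(HTMLParser):
    """Record every attribute value or script body that uses HANDLER as a URL scheme."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.hits = []
        self._in_script = False

    def _check(self, where, text):
        if text and _SCHEME.search(_IGNORED.sub("", text)):
            self.hits.append((where, text.strip()))

    def handle_starttag(self, tag, attrs):
        self._in_script = tag == "script"
        for name, value in attrs:  # values arrive with character references decoded
            self._check(f"<{tag} {name}>", value)

    def handle_endtag(self, tag):
        self._in_script = False

    def handle_data(self, data):
        if self._in_script:  # visible page text is ignored to avoid flagging articles
            self._check("<script> body", data)


def find_handler_refs(html_text):
    finder = HandlerRefFinder()
    finder.feed(html_text)
    finder.close()
    return finder.hits


if __name__ == "__main__":
    for name, body in SAMPLE_PAGES.items():
        print(name, find_handler_refs(body) or "no reference")
```
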
     
  2. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Thankfully, .chm extensions have already been being handled here by WormGuard, due to a suggestion by someone here to do so.

    If whatever "script-handling" program you use allows you to do so, by all means add .chm extensions to its list (unless you need them for some reason, of course). Pete
     
  3. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    Ah I see they finally got around to detecting it. By my count, it was around for the better half of a day before it was detected.


    http://www.wilderssecurity.com/showthread.php?t=22781

    Deadly. Surf on the site with IE (fully patched) and if your antivirus missed it, you are dead.
     