Microsoft Security Advisory (961051)

Discussion in 'other security issues & news' started by ronjor, Dec 11, 2008.

Thread Status:
Not open for further replies.
  1. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,727
    Location:
    Texas
    Microsoft
     
  2. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Bojan at ISC.SANS.ORG, has updated his analysis of this exploit:

    0-day exploit for Internet Explorer in the wild
    http://isc.sans.org/diary.html?storyid=5458


    Note that it has followed the normal pattern of 0-day exploits, where, once the code becomes public, other malware authors package it with various exploits.

    The .js file mentioned includes Flash, Real Player, the Office Snapshot Viewer exploits, as well as the IE7-XML exploit. A quick look reveals that all the exploits attempt to download a trojan binary executable file.


    ----
    rich
     
    Last edited: Dec 11, 2008
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,727
    Location:
    Texas
    Microsoft Security Advisory 961051 Updated
    Microsoft
     
  4. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    The revised security advisory states that supported versions of IE6 and Windows are "potentially vulnerable."

    An updated ISC Diary echoes that:

    IE7 0day expanded to include IE6 and IE8(beta) -- now others
    http://isc.sans.org/diary.html?storyid=5470
    Since several sites have listed some of the domains that are carrying the exploit, this can be tested.

    I used IE6 on my Win2K system. For each site I tried, the page loaded but the exploit code did nothing -- nothing but the index page was cached.

    *However* -- the domain that was reported in an earlier ISC Diary is a different story. You can see the results here:

    http://www.urs2.net/rsj/computing/tests/ie-7

    This domain is a good example of a packaged exploit - several exploits together looking for vulnerability somewhere - and is the first time I've seen the same payload triggered by different versions of IE in one place. If past trends hold true, we are likely to see more of this.

    The ISC Diary also notes that SQL injection has been seen -- the method by which the URL for the exploit is put onto a web server page. No longer are just web sites in the back alleys of the internet affected - any site can be compromised if an SQL injection vulnerability exists. An update earlier today:

    MSIE 0-day Spreading Via SQL Injection
    http://isc.sans.org/diary.html?storyid=5464

    As the IE7 exploit code is picked up by more malware authors, additional packaging of it with other exploits is likely to follow.

    Protect Accordingly!

    ----
    rich
     
    Last edited: Dec 13, 2008
  5. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    5,632
    Location:
    U.S.A. (South)
    Microsoft Internet Explorer 6 Service Pack :D

    Windows XP Service Pack 2

    Really interesting read and yet another something potentiallly hazardous to be on guard against per IE browser's. Don't these guys ever stop?

    I wonder since MS catelogs all these finds of exploits if they have a direct number or even an average per year per platform.
     
  6. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    No, they will never stop as long as unprotected systems peruse the internet.

    It's really nothing to get overly excited about - all of these browser (and plugins) exploits do the same thing: attempt to sneak in a trojan - and are easily prevented, as you know from discussions in other forums!

    The task at hand is for experienced people like you and other regulars at Wilders to make uninformed users aware of how to protect their system!

    Take one at a time...


    ----
    rich
     
Loading...
Thread Status:
Not open for further replies.