+ Post New Thread
Results 1 to 2 of 2
Windows Thread, New Internet Explorer Exploit in Technical; The Internet Storm Centre has some info on a new IE Exploit floating around the net . The UK group ...
  1. #1

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,803
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224

    New Internet Explorer Exploit

    The Internet Storm Centre has some info on a new IE Exploit floating around the net.

    The UK group "Computer Terrorism" released a proof of concept exploit against patched versions of Internet Explorer. We verified that the code is working on a fully patched Windows XP system with default configuration.

    The bug uses a problem in the javascript 'Window()' function, if run from 'onload'. 'onload' is an argument to the HTML tag, and is used to execute javascript as the page loads.

    The Javascript Window() vulnerability has been known for a few months now, but it has so far been treated as a denial of service (DoS) vulnerability. The author of this PoC figured out a way to use this older vulnerability to execute code.

    Impact:

    Arbitrary executables may be executed without user interaction. The PoC demo as tested by us will launch the calculator (calc.exe).

    In addition ot the PoC 'Calculator' exploit, a reader (thanks Chris R!) submitted a version that opens a remote shell. The PoC exploit allows for easy copy/paste of various shell code snippets.

    In itself, the vulnerability will not escalate privileges. We are trying to verify other exploits at this point.

    Mitigation:

    Turn off javascript, or use an alternative browser (Opera, Firefox). If you happen to use Firefox: This bug is not affecting firefox. But others may. For firefox, the extnion 'noscript' can be used to easily allow Javascript for selected sites only.


    Microsoft Security Advisory is here. No Patch yet though...

    http://www.microsoft.com/technet/sec...ry/911302.mspx

    Snort IDS signature if your fortunate enough to have a Linux based firewall.

    Code:
    alert tcp $EXTERNAL_NET $HTTP_PORTS -> $HOME_NET any
    (msg:"BLEEDING-EDGE CURRENT EVENTS Microsoft Internet
    Explorer Window() Possible Code Execution"; flow:established,from_server;
    content:"window"; nocase; pcre:"/[=:'"s]windows*(s*)/i";
    reference:url,secunia.com/advisories/15546; \  reference:url,http://www.computerterrorism.com/res.../ct21-11-2005;
    reference:cve,2005-1790; classtype:attempted-user; sid:2002682; rev:1; )

  2. #2

    Geoff's Avatar
    Join Date
    Jun 2005
    Location
    Fylde, Lancs, UK.
    Posts
    11,803
    Thank Post
    110
    Thanked 583 Times in 504 Posts
    Blog Entries
    1
    Rep Power
    224

    Re: New Internet Explorer Exploit

    Sophos has a press release here:

    http://www.sophos.com/pressoffice/ne...msexploit.html

    The flaw is being actively exploited by malicious websites.

SHARE:
+ Post New Thread

Similar Threads

  1. internet explorer script
    By cadukit in forum Scripts
    Replies: 0
    Last Post: 16th August 2007, 10:47 AM
  2. Can you update Internet mobile to Internet Explorer?
    By thegrassisgreener in forum Windows
    Replies: 1
    Last Post: 16th July 2007, 01:48 PM
  3. Internet Explorer vs Firefox
    By _Bat_ in forum Jokes/Interweb Things
    Replies: 3
    Last Post: 20th March 2007, 11:56 AM
  4. Internet Explorer Administration Kit 7
    By alonebfg in forum Windows
    Replies: 2
    Last Post: 3rd March 2007, 08:41 AM
  5. Unbranding Internet Explorer
    By Dos_Box in forum How do you do....it?
    Replies: 2
    Last Post: 7th January 2006, 08:40 PM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •