On TV.com: EMMANUELLE CHRIQUI Photos
BNET Business Network:
BNET
TechRepublic
ZDNet

November 23rd, 2009

Exploit published for critical IE 7 zero-day flaw

Posted by Ryan Naraine @ 8:32 am

Categories: Anti Virus, Arbitrary Code Execution, Browsers, Data theft, Denial of Service (DoS), Exploit code, Microsoft, Passwords, Patch Watch, Responsible disclosure

Tags: Microsoft Internet Explorer 7, Microsoft Internet Explorer, Microsoft Corp., Zero-day Bug, VUPEN, VUPEN Security, Web Browsers, Internet, Ryan Naraine

Exploit code for a critical (remotely exploitable) vulnerability in Microsoft’s Internet Explorer 7 browser has been released on the Internet, prompting a new round “upgrade now!” warnings from computer security experts.

The vulnerability could be used in malware attacks to take complete control of a Windows machine running IE 6 or IE 7, according to an advisory issued over the  weekend.

Here’s the gist of the problem:

A vulnerability has been identified in Microsoft Internet Explorer, which could be exploited by attackers to compromise a vulnerable system. This issue is caused by a dangling pointer in the Microsoft HTML Viewer (mshtml.dll) when retrieving certain CSS/STYLE objects via the “getElementsByTagName()” method, which could allow attackers to crash an affected browser or execute arbitrary code by tricking a user into visiting a malicious web page.

The vulnerability was confirmed on fully patched Windows XP SP3 systems with Internet Explorer 6 and 6.

For IE users unable (or unwilling) to upgrade to IE 8, you can disable Active Scripting in the Internet and Local intranet security zones.

Security researchers at Symantec have tested the published exploit and warned that a fully-functional reliable exploit will be available in the near future.

When this happens, attackers will have the ability to insert the exploit into Web sites, infecting potential visitors.  For an attacker to launch a successful attack, they must lure victims to their malicious Web page or a Web site they have compromised. In both cases, the attack requires JavaScript to exploit Internet Explorer.

Microsoft has not yet issued an advisory with mitigation guidance.

Ryan NaraineRyan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.


Email Ryan Naraine

For daily updates on Ryan's activities, follow him on Twitter.

Subscribe to Zero Day via Email alerts or RSS.

Related Discussions on TechRepublic

Did you know you can take part in these discussions with your ZDNet membership?

  • Talkback
  • Most Recent of 84 Talkback(s)
I use google....
but this page is just the bare minimum:

http://support.microsoft.com/kb/950717

The release of SP3 was ... (Read the rest)
Posted by: JCitizen Posted on: 01/21/10  (Edited: 01/21/10 @ 08:07) You are currently: a Guest | | Terms of Use
Do you mean:  ye | 11/23/09
I thought Protected Mode didn't work in XP and under?  AzuMao | 11/23/09
Windows XP is two generations old.  ye | 11/24/09
Yes, you can install it for "free", after buying Windows Vista/7.  AzuMao | 11/24/09
IE 8 runs on Windows XP.  ye | 11/24/09
IE 8 doesn't have protected mode in XP.  AzuMao | 11/24/09
Had I said it did you might be offering some useful information.  ye | 11/25/09
You recommended using protected mode to solve this problem.  AzuMao | 11/25/09
@AzuMao: I did no such thing.  ye | 11/25/09
easy,  rtk | 11/25/09
This part  AzuMao | 11/25/09
XP is current generation  symbolset | 11/25/09
Ye, where have you gone?  zdnet-gregc | 11/25/09
I beg to differ...  914four | 12/02/09
There's an easy fix.  The Mentalist | 11/23/09
Or just upgrade to IE 8 [nt]  Qbt | 11/23/09
Or just use a browser that doesn't suck.  AzuMao | 11/30/09
Easier fix  AzuMao | 11/23/09
easy fix?  trs789@... | 11/24/09
easy fix  DesertJim | 11/24/09
The Best Fix...  gothicgeek77 | 11/24/09
good theory  rtk | 11/24/09
It still chaps my behind...  JCitizen | 11/24/09
Er..  AzuMao | 11/25/09
That's all I wanted...  JCitizen | 11/25/09
Good luck with that.  AzuMao | 11/25/09
Not true  rtk | 11/25/09
Yes in Windows 7 you can remove the shortcut from your desktop.  AzuMao | 11/25/09
No, in vista and below you could remove the shortcut  rtk | 11/25/09
Sorry RTK, repeatedly calling something false won't make it false.  AzuMao | 11/30/09
Unfortunately...  fairportfan | 11/25/09
Microsoft Security Essentials blocks the exploit  directory | 11/23/09
RE: Exploit published for critical IE 7 zero-day flaw  Loverock Davidson | 11/23/09
Run it in protected mode  honeymonster | 11/23/09
Yep, just cough up a couple few benjamins.  AzuMao | 11/23/09
That does not compute  whoflungdung | 11/23/09
Protected mode is only in Windows Vista and Windows 7.  AzuMao | 11/24/09
Such as?  Lester Young | 11/24/09
Oh no  AzuMao | 11/25/09
Firefox v. IE  Cybrduck | 11/24/09
I never said anything about Firefox.  AzuMao | 11/25/09
RE: Exploit published for critical IE 7 zero-day flaw  windozefreak | 11/23/09
RE: Exploit published for critical IE 7 zero-day flaw  kevinx326 | 11/23/09
RE: Exploit published for critical IE 7 zero-day flaw  jimmanis | 11/23/09
Such ignorance  anothercanuck | 11/23/09
Compatability Mode (Duh)  kyron.gustafson@... | 11/24/09
Exactly  Earthling2 | 11/24/09
What a mess!  theo_durcan | 11/24/09
I believe I'm on record as saying:  ye | 11/24/09
Can you name even one, single, multi-billion dollar costing webapp  AzuMao | 11/24/09
At a guess...  zkiwi | 11/25/09
That's weird..  AzuMao | 11/25/09
You can run multiple versions of IE  public@... | 01/19/10
RE: Exploit published for critical IE 7 zero-day flaw  narenhacker@... | 11/24/09
They are not even listed at CNET...  JCitizen | 11/24/09
Some don't get a choice...  wright_is | 11/24/09
If that's the case, try Opera or Chrome.  AzuMao | 11/24/09
Proofreaders, where are you?  Trekker | 11/24/09
hard to type with foot in mouth?  promytius1@... | 11/25/09
It might not be his entirely his fault  lehnerus2000 | 11/25/09
Are you new to ZDNet?  AzuMao | 11/30/09
RE: Exploit published for critical IE 7 zero-day flaw  Elvis.Is.Alive | 11/24/09
RE: Exploit published for critical IE 7 zero-day flaw  DougOfCBSZDNet Moderator | 11/24/09
Upgrade to IE8  DougOfCBSZDNet Moderator | 11/24/09
Considering that IE8 has had this problem for a while...  zkiwi | 11/24/09
Well it's IE  AzuMao | 11/24/09
RE: Exploit published for critical IE 7 zero-day flaw  kakijing | 11/24/09
RE: Exploit published for critical IE 7 zero-day flaw  rrice_kraken | 11/25/09
RE: Exploit published for critical IE 7 zero-day flaw  gs1935@... | 11/25/09
the sky will fall. Ice caps will melt  Turd Furgeson | 11/25/09
You get hacked.  AzuMao | 11/25/09
DUMB  dgurney | 11/25/09
Here ya go:  rtk | 11/25/09
Nope.  dgurney | 11/30/09
????  AzuMao | 12/01/09
Internet Explorer 6 and 6.  kb244 | 11/25/09
RE: Exploit published for critical IE 7 zero-day flaw  Veluto | 11/27/09
Probably didn't follow procedure...  JCitizen | 11/27/09
What "procedure"?  ocie3@... | 11/30/09
I use google....  JCitizen | 01/21/10
easy fix... use a different browser....  zdnetregistration | 11/30/09
RE: Exploit published for critical IE 7 zero-day flaw  ocie3@... | 11/30/09
Ask us if we care  Crestview | 12/09/09
No kidding?  AzuMao | 12/09/09

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

advertisement

Recent Entries

advertisement

Archives

Favorite Links

ZDNet Blogs

White Papers, Webcasts, and Downloads

SmartPlanet

Click Here