IE 0-day

We are currently verifying a PoC for an IE 0-day exploit.

Updates and details later. Just to let you know that we’re on it.


Update (JJ, 22 November 2005 01:06:40)

Apparently this bug has been around for quite some time now:
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-1790

And yes, the exploit does work. The PoC opens calc.exe on my Windows XP SP2 (fully patched) machine. Attackers can easily modify the code and put in their own downloaders, instead of just calc.exe executing.

“As well documented, the vulnerability is instigated by IE’s failure to correctly initialise the JavaScript “Window()” function, when used in conjunction with a event.”
http://www.computerterrorism.com/research/ie/ct21-11-2005

As a workaround (again) disable JavaScript.
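
One way to apply and verify that workaround from the command line, as an added example that is not part of the original post: it sets IE's Active Scripting URL action (registry value 1400) to Disabled for the Internet zone and reports the value found in each hive. It assumes the standard per-zone Internet Settings registry layout; the function names are made up for this example.

```powershell
# Added example: audit and disable IE Active Scripting (URL action 1400).
# Assumes the standard Internet Settings zone layout; function names are hypothetical.
$ZoneNames  = @{ 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }
$ActionText = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }
$Suffix     = 'Windows\CurrentVersion\Internet Settings\Zones'

# Policy hives come first: a value set by policy takes precedence over the user preference,
# so a "Disabled" preference can be silently overridden by an "Enabled" policy.
$Hives = @(
    "HKLM:\Software\Policies\Microsoft\$Suffix",
    "HKCU:\Software\Policies\Microsoft\$Suffix",
    "HKCU:\Software\Microsoft\$Suffix"
)

function Get-ActiveScriptingSetting {
    param([int[]]$Zone = @(1, 2, 3, 4))
    foreach ($z in $Zone) {
        foreach ($hive in $Hives) {
            $key = Join-Path $hive $z
            $val = (Get-ItemProperty -Path $key -Name '1400' -ErrorAction SilentlyContinue).'1400'
            if ($null -ne $val) {
                [pscustomobject]@{
                    Zone    = $ZoneNames[$z]
                    Key     = $key
                    Setting = if ($ActionText.ContainsKey([int]$val)) { $ActionText[[int]$val] }
                              else { "Unknown ($val)" }
                }
            }
        }
    }
}

function Disable-ActiveScripting {
    param([int[]]$Zone = @(3))   # Internet zone by default
    foreach ($z in $Zone) {
        # Writes the per-user preference only; policy keys are left untouched.
        $key = Join-Path $Hives[2] $z
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        Set-ItemProperty -Path $key -Name '1400' -Value 3 -Type DWord
    }
}

Disable-ActiveScripting -Zone 3
Get-ActiveScriptingSetting | Format-Table -AutoSize
```

If the report shows a policy key for the Internet zone that is not Disabled, the change has to be made in that policy rather than in the user preference.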


Update (Joey, 22 November 2005 10:56:20)

The Internet Storm Center (ISC) changed their InfoCon status to Yellow, to account for this currently unpatched IE vulnerability.

Additionally, Microsoft posted a new security advisory to address this issue. Check it out here.

http://www.microsoft.com/technet/security/advisory/911302.mspx