Article

Exploit code targets Internet Explorer zero-day display flaw

Robert Westervelt, News Director

Symantec Corp. is warning of a new publicly available exploit code targeting an unpatched display vulnerability in Internet Explorer (IE) that could enable hackers to conduct drive-by attacks and spread malware on unsuspecting victim machines.

    Requires Free Membership to View

SearchSecurity.com:
To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

The IE zero-day vulnerability affects the way the browser handles cascading style sheet (CSS) information used to lay out webpages. The vulnerability affects Internet Explorer versions 6 and 7. Symantec said the IE zero-day attack could infect users by using malicious JavaScript code.

"The exploit currently exhibits signs of poor reliability, but we expect that a fully functional a reliable exploit will be available in the near future," Symantec said in a blog posting on Saturday. "For an attacker to launch a successful attack, they must lure victims to their malicious webpage or a website they have compromised."

Microsoft security updates:
Nov. - Microsoft patches serious Windows kernel flaws: Vulnerabilities in several Windows kernel drivers could be remotely exploited to gain complete access to a system.

Oct. - Microsoft addresses critical SMBv2 flaw, fixes record number of flaws: Microsoft addressed three critical vulnerabilities in Windows Server Message Block. Thirteen bulletins addressed a record 34 flaws. 

Sept. - Microsoft repairs Windows media, TCP/IP vulnerabilities: Microsoft released five critical updates fixing a serious flaw in the Windows Media Format Runtime engine and TCP/IP processing errors that could crash Web and mail servers. 

Cupertino, Calif.-based Symantec said the IE zero-day exploit code appeared Friday on the Bugtraq mailing list. Symantec and several other security vendors are providing antivirus and IPS signatures to protect against the attack.

"Internet Explorer users should ensure their antivirus definitions are up to date, disable JavaScript and only visit websites they trust until fixes are available from Microsoft," Symantec said.

IT security research and alert vendor VUPEN Security also reported the vulnerability on Saturday, saying the flaw is a dangling pointer in the Microsoft HTML Viewer (mshtml.dll).

Danish vulnerability clearinghouse Secunia gave the IE zero-day flaw a highly critical rating in an alert issued today. Secunia confirmed the vulnerability in IE6 on Windows XP SP2 and IE7 on Windows XP SP3A.

Microsoft acknowledged the IE zero-day exploit code in a security advisory issued late Monday. In a statement, Alan Wallace of Microsoft security response communications said Microsoft was not aware of any ongoing attacks to exploit the reported vulnerability.

"The company is aware of public, detailed exploit code that allows an attacker to gain the same rights as a local user; however, the exploit code requires an attacker to convince users to visit a maliciously-crafted website," Wallace said. "Microsoft is recommending that customers with earlier versions of the browser consider downloading the more recent version of IE to take advantage of the latest security and privacy features.

As a workaround Microsoft recommends companies set Internet and local intranet security zone settings to "high" or customize the security setting to force the browser to prompt users before it runs an active script. Data Execution Protection (DEP) can also be enabled in IE 7 to make the attack much more difficult to carry out.

The software giant patched a serious Windows kernel flaw earlier this month, fixing a vulnerability that enabled attackers to set up a malicious website and target users of Internet Explorer using embedded OpenType font.


Editor's Note: This story was updated Nov. 24 to add Microsoft advisory information

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: