IE 0 Day, just in time for Christmas

Published: 2010-12-23
Last Updated: 2010-12-23 13:00:34 UTC
by Mark Hofman (Version: 1)
1 comment(s)

Ok, fess up who asked for an IE 0 day for Christmas? I'm guessing Santa got his lumps of coal mixed up with a bag of exploits.

This exploit has been discussed over the last day or so on full disclosure and a number of other sites. Metasploit already has a module available for it (just search for CSS & IE).  Microsoft has put out an advisory 2488013 regarding the issue ( http://www.microsoft.com/technet/security/advisory/2488013.mspx).  The issue manifests itself when a specially crafted web page is used and could result in remote code execution on the client. 

Microsoft suggests using Enhanced Mitigation Experience Toolkit (EMET) to help address the issue.  Details on that and a little bit more on the exploit can be found here http://blogs.technet.com/b/srd/archive/2010/12/22/new-internet-explorer-vulnerability-affecting-all-versions-of-ie.aspx 

According to the advisory it is not actively being exploited ....yet

If you see it being exploited, drop us a line. 

Cheers

Mark H

Keywords: IE 0 day
1 comment(s)

Comments

- http://community.websense.com/blogs/securitylabs/archive/2010/12/23/zero-day-different-exploit-in-internet-explorer.aspx
23 Dec 2010 - "... Two different new zero-day exploits were published on December 22...
1) ... The use of built-in protections of DEP and ASLR on the Windows platform and Internet Explorer doesn't guarantee to stop the exploit. It stems from the fact that the affected DLL mscorie.dll used by Internet Explorer wasn't compiled to support ASLR - this fact allows an attacker to also bypass DEP by using ROP (return to oriented programming) and successfully exploit the system...
2) ... The second vulnerability takes advantage of the Microsoft WMI Administrative Tools ActiveX Control. Internet Explorer is vulnerable only if Microsoft WMI administrative tools is installed..."
.

Diary Archives