Security Adviser | Roger A. Grimes » New IE zero day being exploited in the wild

September 19, 2006

New IE zero day being exploited in the wild

FrSIRT announces new IE zero day in the wild.

FrSIRT says here that "A vulnerability has been identified in Microsoft Internet Explorer, which could be exploited by remote attackers to crash a vulnerable browser or take complete control of an affected system. This flaw is due to a buffer overflow error when processing Vector Markup Language (VML) documents containing a 'rect' shape with an overly long 'fill' attribute, which could be exploited by attackers to cause a denial of service or execute arbitrary commands by convincing a user to visit a malicious Web page.

FrSIRT has confirmed this vulnerability on a fully patched Windows XP SP2 system. This issue is currently being exploited in the wild by malicious web sites.

Solution: Disable Active Scripting in the Internet and Local intranet security zones."
--------
They also report yet another PowerPoint zero day.

---------

Update: My friends Jesper Johansson and Alun Jones have developed two custom security templates to turn off VML support in IE until Microsoft patches it. Click here.

---------

Update on 9-23-06:
Jesper created a new GPO startup script to handle both critical IE zero day vulnerabilities. It's an excellent script. If you are new to pushing scripts using GPOs, this is a good one to learn with.

http://msinfluentials.com/blogs/jesper/archive/2006/09/22/More-options-on-protecting-against-the-VML-vulnerability-on-a-domain.aspx

Posted by Roger Grimes on September 19, 2006 05:12 AM
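
The Active Scripting workaround quoted above, as an added example that is not from the original post, FrSIRT, or Jesper's script: a PowerShell audit of URL action 1400 (Active scripting) in the Local intranet and Internet zones for the current user. The `-Apply` switch and the script layout are assumptions of this example, and it assumes Windows PowerShell 3.0 or later; without `-Apply` it only reports.

```powershell
# Added example: audit (and with -Apply, disable) Active Scripting in the
# Local intranet (1) and Internet (3) zones for the current user.
param([switch]$Apply)   # hypothetical switch: report-only unless supplied

$ActionId = '1400'      # URL action 1400 = Active scripting
$Disable  = 3           # 0 = enable, 1 = prompt, 3 = disable
$Zones    = @{ 1 = 'Local intranet'; 3 = 'Internet' }
$Suffix   = 'Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$UserKey  = "HKCU:\Software\$Suffix"
# Group Policy copies take precedence over the per-user value; machine policy first.
$PolicyKeys = "HKLM:\Software\Policies\$Suffix", "HKCU:\Software\Policies\$Suffix"

function Get-ZoneAction([string]$Root, [int]$Zone) {
    # Returns the DWORD stored for action 1400, or $null when it is not set.
    $item = Get-ItemProperty -Path "$Root\$Zone" -Name $ActionId -ErrorAction SilentlyContinue
    if ($null -ne $item) { return [int]$item.$ActionId }
    return $null
}

foreach ($zone in ($Zones.Keys | Sort-Object)) {
    $current = Get-ZoneAction $UserKey $zone
    $policy  = $PolicyKeys | ForEach-Object { Get-ZoneAction $_ $zone } |
               Where-Object { $null -ne $_ } | Select-Object -First 1

    if ($Apply -and $current -ne $Disable) {
        if (-not (Test-Path "$UserKey\$zone")) {
            New-Item -Path "$UserKey\$zone" -Force | Out-Null
        }
        Set-ItemProperty -Path "$UserKey\$zone" -Name $ActionId -Value $Disable -Type DWord
        $current = Get-ZoneAction $UserKey $zone
    }

    # A policy value, when present, is the one the browser honours.
    $effective = if ($null -ne $policy) { $policy } else { $current }
    [pscustomobject]@{
        Zone      = $Zones[$zone]
        UserValue = $current
        Policy    = $policy
        Disabled  = ($effective -eq $Disable)
    }
}
```

A row with `Disabled` false and a non-empty `Policy` column means a GPO is re-enabling scripting, so the change has to be made in that policy rather than per user.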

