Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Yet Another Highly Critical Zero-day Smacks Ie


  • Please log in to reply
2 replies to this topic

#1 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,586 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:55 PM

Posted 25 April 2006 - 11:22 AM

...In an alert to customers of its DeepSight threat system, Symantec cited a vulnerability...by researcher Michal Zalewski, who notes that IE is prone to memory corruption because of the way it handles malformed HTML.

HTML content that contains nested tags without the corresponding closure tags...can trigger the bug. "An attacker could exploit this issue via a malicious web page to potentially execute arbitrary code in the context of the currently logged-in user"...A fully-patched version of IE 6 for Windows XP SP2 -- the most-secure production version of Microsoft's browser -- is open to the attack.

techweb.com
Secunia Advisory: SA19762
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

BC AdBot (Login to Remove)

 


m

#2 quietman7

quietman7

    Bleepin' Janitor

  • Topic Starter

  • Global Moderator
  • 50,586 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:55 PM

Posted 28 April 2006 - 08:06 AM

Microsoft Internet Explorer Modal Security Dialog Race Condition May Let Remote Users Install Code or Obtain Information

IV. SUGGESTED ACTIONS: MITIGATION RECOMMENDATIONS

* Limit viewing to trusted web sites: In some situations, browsing can be successfully limited to only trustworthy sites without significant loss of productivity. Users should be extremely cautious while browsing unknown or untrusted web sites, as such web sites are often able to introduce hostile code.

* Run exposed applications with reduced privileges: Users who log on interactively -without- the privileges of powerful groups such as the "Administrators" or "Power Users" groups are at a much lower risk of damage from successful exploitation of software vulnerabilities in client applications. This mitigation step greatly reduces the likelihood of a successful malware installation if this vulnerability is exploited..."

securitytracker.com/alerts
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 Daisuke

Daisuke

    Cleaner on Duty


  • Members
  • 5,575 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Romania
  • Local time:02:55 PM

Posted 28 April 2006 - 03:19 PM

2006-04-28: Updated "Description" section to clarify that Secunia has successfully exploited the vulnerability.

It doesn't look good.

MSIE has three unpatched vulnerabilities. Firefox only one. Conclusion: Use Opera !

Microsoft Internet Explorer Nested OBJECT Tag Memory Corruption Vulnerability - Highly critical
Microsoft Internet Explorer Modal Dialog Manipulation Vulnerability - Proof of concept available
Microsoft Internet Explorer MHTML URI Handler Information Disclosure Vulnerability - Less critical
Mozilla Firefox iframe.contentWindow.focus Buffer Overflow Vulnerability - Not critical (?)

Edited by Daisuke, 28 April 2006 - 03:20 PM.

Everyday is virus day. Do you know where your recovery CDs are ?
Did you create them yet ?

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users