Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Yet Another Ie Exploit Released Today!


  • Please log in to reply
4 replies to this topic

#1 Security Geek

Security Geek

  • Members
  • 39 posts
  • OFFLINE
  •  
  • Local time:08:37 PM

Posted 28 September 2006 - 10:28 PM

It really is difficult keeping up with all the exploits this month. This vulnerability was reported to MS nearly 2 months ago but it went unpatched (NIST.gov Tracking Number: CVE-2006-3730, goes by the name WebViewFolderIcon exploit). Now code and step-by-step instructions have been released to run arbitrary executable code. Rated Critical by FrSIRT. Expect to see various exploits based on this as scammers load up their tools with this wrapped around them. Its doubtful MS will release another out-of-cycle fix so don't expect anything until October 10th. FrSIRT does have a ActiveX kill bit reg import if you care to go that route (that should prevent the current exploit from working).

More info at http://www.nist.org/news.php?extend.174

(post comments here)

Spread the word on this but be sure to include its name "WebViewFolderIcon" so people don't get confused and think its one of the other 'sploits they've heard about.

BC AdBot (Login to Remove)

 


#2 buddy215

buddy215

  • Moderator
  • 13,195 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:West Tennessee
  • Local time:08:37 PM

Posted 29 September 2006 - 10:08 AM

Microsoft has not posted an advisory for the new flaw, and Symantec and US-CERT only suggested that users either disable Active Scripting in IE or set the "kill bit" for the ActiveX control. The latter, however, is somewhat technical and if done incorrectly, can damage the operating system
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,474 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:37 PM

Posted 29 September 2006 - 10:28 AM

Microsoft Security Advisory (926043)
Vulnerability in Windows Shell Could Allow Remote Code Execution

Published: September 28, 2006

Microsoft is investigating new public reports of a vulnerability in supported versions of Microsoft Windows. Customers who are running Windows Server 2003 and Windows Server 2003 Service Pack 1 in their default configurations, with the Enhanced Security Configuration turned on, are not affected. We are also aware of proof of concept code published publicly. We are not aware of any attacks attempting to use the reported vulnerability or of customer impact at this time. We will continue to investigate these public reports.

The ActiveX control called out in the public reports and in the Proof of Concept code is the Microsoft WebViewFolderIcon ActiveX control (Web View). The vulnerability exists in Windows Shell and is exposed by Web View...

http://www.microsoft.com/technet/security/...ory/926043.mspx
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 no one

no one

  • Members
  • 843 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:PCLinuxOS Land
  • Local time:08:37 PM

Posted 29 September 2006 - 12:12 PM

More zero-day attacks plague Microsoft users
Published: 2006-09-29

Security researcher HD Moore published a module for the Metasploit framework this week that includes exploit code for a previously unknown Windows shell vulnerability.

Microsoft warned users of the issue on Thursday in a security advisory, saying that public report have pinpointed an ActiveX component as the source of the vulnerability, but that component merely exposes the vulnerable Windows shell. The flaw affects every version of the operating system, except for default installations of Windows 2003, the company said.
http://www.securityfocus.com/brief/317


"Not everything that counts can be counted, and not everything that can be counted counts."

"Whoever fights monsters should see to it that in the process he does not become a monster"

Posted Image


#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,474 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:37 PM

Posted 03 October 2006 - 10:58 AM

Microsoft Security Advisory (926043) updated October 2, 2006 to advise customers that Web sites that attempt to use this vulnerability to perform limited attacks have been discovered.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users