New Zero Day Exploit for Internet Explorer


Post by Nick-YF19 » March 25th, 2006, 7:10 am

A new vulnerability in Internet Explorer can allow bad websites to install programs on your computer, even if you are fully patched and up to date with all security updates. All you have to do is visit a bad website and the exploit will happen. The following is an excerpt from Secunia:
Description: Secunia Research has discovered a vulnerability in Microsoft Internet Explorer, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error in the processing of the "createTextRange()" method call applied on a radio button control. This can be exploited by e.g. a malicious web site to corrupt memory in a way, which allows the program flow to be redirected to the heap. Successful exploitation allows execution of arbitrary code.

NOTE: Exploit code is publicly available.

The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2. The vulnerability has also been confirmed in Internet Explorer 7 Beta 2 Preview (January edition). Other versions may also be affected.

Solution: Disable Active Scripting support.


This is a serious problem, since your computer can be completely taken over. Even if you use another browser like Firefox, Internet Explorer can still be launched to execute this attack.

Disabling active scripting can make many functions of a website stop working, so I advise you to add the ones you visit frequently to your trusted zone. That will let them work while you can still disable scripting for all other sites.

In addition to adware, real spyware like keyloggers have been seen in the installs from this exploit. So this is no joke, be warned.

Here is a guide that includes pictures on how to disable active scripting and how to add sites to your trusted zone: http://blogs.zdnet.com/Ou/?p=133
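One way to check the mitigation described in the post above, as an added example that is not part of the original thread: a PowerShell audit of the per-user Active Scripting setting (URL action 1400) in each Internet Explorer security zone, plus the sites assigned to the Trusted zone. The function names are hypothetical, and only the current user's settings are read; settings enforced through Group Policy are stored elsewhere and are not covered.

```powershell
# Added example (not from the original post): audit IE zone settings for the current user.
$base = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
$zoneNames  = @{ 1 = 'Local intranet'; 2 = 'Trusted sites'; 3 = 'Internet'; 4 = 'Restricted sites' }
$actionText = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }

# Hypothetical helper: report URL action 1400 (Active Scripting) for zones 1-4.
function Get-ActiveScriptingSetting {
    foreach ($zone in 1..4) {
        $key   = Join-Path $base "Zones\$zone"
        $value = (Get-ItemProperty -Path $key -Name '1400' -ErrorAction SilentlyContinue).'1400'
        $state = if ($null -eq $value) { 'Not set' }
                 elseif ($actionText.ContainsKey([int]$value)) { $actionText[[int]$value] }
                 else { "Unknown ($value)" }
        [pscustomobject]@{ Zone = $zoneNames[$zone]; ActiveScripting = $state }
    }
}

# Hypothetical helper: list hosts mapped to zone 2 (Trusted sites) under ZoneMap\Domains.
function Get-TrustedSite {
    $domains = Join-Path $base 'ZoneMap\Domains'
    if (-not (Test-Path $domains)) { return }
    Get-ChildItem -Path $domains -Recurse | ForEach-Object {
        $key = $_
        foreach ($scheme in $key.GetValueNames()) {
            if ($key.GetValue($scheme) -eq 2) {
                # Key layout is Domains\<domain>[\<subdomain>]; rebuild the host name.
                $parts = $key.Name.Substring($key.Name.IndexOf('Domains\') + 8).Split('\')
                [array]::Reverse($parts)
                [pscustomobject]@{ Site = ($parts -join '.'); Scheme = $scheme }
            }
        }
    }
}

# The Internet zone should report 'Disabled' (or 'Prompt') while the workaround is in place.
Get-ActiveScriptingSetting | Format-Table -AutoSize
Get-TrustedSite | Format-Table -AutoSize
```

Every site listed by Get-TrustedSite keeps scripting enabled, so the list is worth keeping short while the browser is unpatched.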

Post by Nick-YF19 » March 25th, 2006, 7:10 am

Zero reply bump

Post by amateur » March 25th, 2006, 10:02 am

It may explain the increase in keyloggers along with SurfSideKick I've been observing lately. :shock: I hope Microsoft patches it quickly.

Free Zero Day Fix (non MS) from eEye out there too ;-)

Post by ZeroFighter » April 2nd, 2006, 11:41 am

Hi,

Just in case you have to use IE and can't avoid active scripting - the guys from eEye Digital Security have done an excellent job and provide a free fix including the patch source.

eEye Digital Security has created a temporary work around for the current Internet Explorer zero day vulnerability within the IE createTextRange functionality.

This workaround has been created because currently there is no solution from Microsoft other than the workaround to disable Active Scripting. We have personally had requests from various customers and the community to help provide a free solution in the case that companies and users are not able to disable Active Scripting. The workaround we have created, like ones before it, is experimental in a sense and should only be installed if you are not able to use the safer mitigation of disabling Active Scripting.

The workaround is obviously free, and we do not require any registration information to download it from the eEye website.

Should you encounter any problems with the workaround or bugs please send email to alerts@eeye.com with detailed information on the problem you experienced and we will work to fix any bugs in a timely fashion. We will post updates to the website with version numbers and bug fixes should they arise.

Obviously these things are experimental in nature but considering the options of being vulnerable or at least having a fighting chance... Well I think you get the point. Again this is just another mitigation option until Microsoft releases their patch, which last was scheduled for April 11th or 16 days from now.

For more information on the vulnerability and a link to download the workaround please visit:
http://www.eeye.com/html/research/alerts/AL20060324.html

Signed,
Marc Maiffret
Chief Hacking Officer
eEye Digital Security


Otherwise, alternative browsers are your friend ;)

Post by amateur » April 2nd, 2006, 11:46 am

I am using Firefox for almost everything. I'll stick with it until IE is patched.

Post by ZeroFighter » April 2nd, 2006, 12:19 pm

Same here, but there are some sites out there not fully supporting Firefox. As some of them are serving third party content, they may not even realize a threat until the damage has been done.

Therefore, I installed the patch mentioned above after reviewing it. The MS one will take about two weeks to be released and that's a bit too long to my mind considering the amount of IE users out there.

There used to be a great site from Pivx about all the unpatched IE exploits, but this was taken offline unfortunately (see here).

Nowadays, only security lists like bugtraq or fulldisclosure provide some information and help.