Attack code targets new IE hole

[FreewheelinFrank]

Attack code targets new IE hole

Computer code that could be used to hijack Windows PCs via a yet-to-be-patched Internet Explorer flaw has been posted on the Net, experts have warned.

The code was published on public Web sites, where it is accessible to miscreants who might use it to craft attacks on vulnerable Windows computers. Microsoft is investigating the issue, the company representative said in a statement Thursday.

"Microsoft's initial investigation reveals that this exploit code could allow an attacker to execute memory corruption," the representative said. As a workaround to protect against potential attacks, Microsoft suggests Windows users disable ActiveX and active scripting controls.

The flaw is due to an error in an ActiveX control related to multimedia features and could be exploited by viewing a rigged Web page, Symantec said in an alert sent to users of its DeepSight security intelligence service Thursday. An attacker could commandeer a Windows PC or cause IE to crash, the security company said.

IE versions 5.01 and 6 on all current versions of Windows are affected, the French Security Incident Response Team, or FrSIRT, a security-monitoring company, said in an alert Wednesday.

The warning of the new flaw comes only days after Microsoft released its September patches. On Tuesday it released three updates, two for Windows and one for Office. The software maker also released a third version of an Internet Explorer fix after it botched the first two versions of the patch.

In recent months, word of new attacks has repeatedly followed shortly after "Patch Tuesday." Some experts believe the timing of the new attack is no coincidence, suggesting that attackers look to take advantage of a full month before Microsoft is scheduled to release its next bunch of fixes.

http://news.com.com/Attack+code+targets+new+IE+hole/2100-1002_3-6115966.html?tag=cd.lede

[bob3160]

IE versions 5.01 and 6 on all current versions of Windows are affected

Another great reason to install IE7....

[DavidR]

Or use a browser that doesn't have activeX

[bob3160]

You can also control how or if active x is used in the security settings of IE.

[DavidR]

So two great reasons then that you don't have to use IE7

[FreewheelinFrank]

This one's been seen in the wild too:

http://sunbeltblog.blogspot.com/2006/09/another-zero-day-on-loose-keyframe.html

Mitigation: The DirectAnimation Path control can be disabled by setting the kill bit for the following CLSID:  {D7A7D7C3-D47F-11d0-89D3-00A0C90833E6}

[FreewheelinFrank]

daxctle.ocx exploit not patched

It’s worth noting that after a hailstorm of patches yesterday by Microsoft, the daxctle.ocx vulnerability was not patched.

We have observed this exploit in action in the wild. However, it is not widely used (the two sites we saw it on are now dead) and it is a pretty crappy exploit (meaning, it doesn’t work all that well). 

Nevertheless, it is an exploit, it has been observed in the wild, and it’s not patched.

Mitigation: The DirectAnimation Path control can be disabled by setting the kill bit for the following CLSID:  {D7A7D7C3-D47F-11d0-89D3-00A0C90833E6} More information about how to set the kill bit is available in Microsoft Support Document 240797. More at CERT.

http://sunbeltblog.blogspot.com/2006/10/daxctleocx-exploit-not-patched.html

[bob3160]

How big a microscope are they using to try to find something anything
Would any of us withstand that kind of an inspection?
It's almost as though IE where running for office and in order for the opposition
to win, they must find some dirt. Any dirt. Please there has to be something bad I can report......

[.: Mac :.]

IE 7 looks to be the first release I will use on my PC, Ill still keep SeaMonkey Though