New 0-day for IE 6
Results 1 to 3 of 3

Thread: New 0-day for IE 6

  1. #1
    StOrM™
    Join Date
    Aug 2004
    Posts
    1,003

    New 0-day for IE 6

    Greeting's

    Microsoft today released an advisory relating to a 0-day exploit found for IE.


    Technical Description

    A vulnerability has been identified in Microsoft Internet Explorer, which could be exploited by remote attackers to crash a vulnerable browser or take complete control of an affected system. This flaw is due to a memory corruption error when processing a specially crafted argument passed to the "KeyFrame()" method of a "DirectAnimation.PathControl" (daxctle.ocx) ActiveX object, which could be exploited by attackers to cause a denial of service or execute arbitrary commands by convincing a user to visit a malicious Web page.

    FrSIRT has successfully exploited this vulnerability on a fully patched Windows XP SP2 system.

    Here is the workaround (although we know it) :

    Disable Active Scripting in the Internet and Local intranet security zones :

    - In Internet Explorer, click Internet Options on the Tools menu
    - Click the Security tab
    - Click Internet, and then click Custom Level
    - Under Settings, in the Scripting section, under Active Scripting, click Disable, and then click OK
    - Click Local intranet, and then click Custom Level
    - Under Settings, in the Scripting section, under Active Scripting, click Disable, and then click OK
    - If you are prompted to confirm that you want to change these settings, click Yes
    - Click OK to return to Internet Explorer



    Links :

    http://www.frsirt.com/english/advisories/2006/3593

    http://www.microsoft.com/technet/sec...ry/925444.mspx
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

  2. #2
    Senior Member
    Join Date
    Oct 2001
    Posts
    872
    offtopic: lets start an 0-day subforum.
    ...This Space For Rent.

    -[WebCarnage]

  3. #3
    StOrM™
    Join Date
    Aug 2004
    Posts
    1,003
    Greeting's

    You have got my vote for the idea.

    & I'm the moderator thats it .
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides