-
September 15th, 2006, 06:08 PM
#1
New 0-day for IE 6
Greeting's
Microsoft today released an advisory relating to a 0-day exploit found for IE.
Technical Description
A vulnerability has been identified in Microsoft Internet Explorer, which could be exploited by remote attackers to crash a vulnerable browser or take complete control of an affected system. This flaw is due to a memory corruption error when processing a specially crafted argument passed to the "KeyFrame()" method of a "DirectAnimation.PathControl" (daxctle.ocx) ActiveX object, which could be exploited by attackers to cause a denial of service or execute arbitrary commands by convincing a user to visit a malicious Web page.
FrSIRT has successfully exploited this vulnerability on a fully patched Windows XP SP2 system.
Here is the workaround (although we know it) :
Disable Active Scripting in the Internet and Local intranet security zones :
- In Internet Explorer, click Internet Options on the Tools menu
- Click the Security tab
- Click Internet, and then click Custom Level
- Under Settings, in the Scripting section, under Active Scripting, click Disable, and then click OK
- Click Local intranet, and then click Custom Level
- Under Settings, in the Scripting section, under Active Scripting, click Disable, and then click OK
- If you are prompted to confirm that you want to change these settings, click Yes
- Click OK to return to Internet Explorer
Links :
http://www.frsirt.com/english/advisories/2006/3593
http://www.microsoft.com/technet/sec...ry/925444.mspx
Parth Maniar,
CISSP, CISM, CISA, SSCP
*Thank you GOD*
Greater the Difficulty, SWEETER the Victory.
Believe in yourself.
-
September 16th, 2006, 08:20 PM
#2
offtopic: lets start an 0-day subforum.
...This Space For Rent.
-[WebCarnage]
-
September 17th, 2006, 06:31 PM
#3
Greeting's
You have got my vote for the idea.
& I'm the moderator thats it .
Parth Maniar,
CISSP, CISM, CISA, SSCP
*Thank you GOD*
Greater the Difficulty, SWEETER the Victory.
Believe in yourself.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|