IE 7 0 Day EXploit - Antionline Forums

Slartarama · December 10th, 2008, 04:54 PM

Those of you using or supporting IE 7 be wary:

http://isc.sans.org/diary.html?storyid=5458&rss

*westin* · December 10th, 2008, 04:58 PM

Well, thats just great!

[sarcasm implied]

Thanks for the heads up.

t34b4g5 · December 11th, 2008, 01:12 AM

Nice heads up.

interesting that it doesn't effect Vista users.

HTRegz · December 11th, 2008, 06:24 AM

Quote:

Originally Posted by t34b4g5

Nice heads up.

interesting that it doesn't effect Vista users.

I'm curious as to where you've seen mention of it not affecting Vista users?

From the Microsoft advisory: "Our investigation so far has shown that these attacks are against Windows Internet Explorer 7 on supported editions of Windows XP Service Pack 2, Windows XP Service Pack 3, Windows Server 2003 Service Pack 1, Windows Server 2003 Service Pack 2, Windows Vista, Windows Vista Service Pack 1, and Windows Server 2008."

The example exploit that SANS ISC discussed doesn't target Vista, most likely due to the limited attack surface of IE 7 in Protected Mode on Vista. It would be entirely possible, however, to target Vista with the vulnerability.

That being said... if you've got another article I'm unaware of.. I'd love to read it.

Side note, anyone wanting to look at the code (since it's been sanitized on the SANS ISC site) send me a PM.

t34b4g5 · December 11th, 2008, 11:51 AM

Ht when i read the alert earlier it didn't have anything about Vista. Only XP and Windows server03.

That being said, they have obviously updated the alert as more info has come to light, thus i was confused on why it wan't a issue for Vista users, but it was for the others..

*********************

Some interesting stuff, apparently some Chinese sec team accidently released the POC for this ie7 w@llh@x..
http://www.computerworld.com/action/...c=news_ts_head

but apparently

Quote:

but it appears some hackers already knew how to exploit the flaw. At one point, the code was traded for as much as US$15,000 on the underground criminal markets, according to iDefense, the computer security branch of VeriSign, citing a blog post from the Chinese team

Quote:

However, other information indicates that hackers already knew how it worked before the release. According to knownsec, a rumor surfaced earlier in the year about a bug in Internet Explorer, iDefense wrote. Information on the vulnerability was allegedly sold in November on the underground back market for US$15,000. Earlier this month, the exploit was sold second or third hand for $650, said iDefense, citing knownsec.
Eventually, someone developed a Trojan horse program -- one that appears harmless but is actually malicious -- that is designed to steal information related to Chinese-language PC games, a popular target for hackers.

Ouchie's

*SirDice* · December 11th, 2008, 05:32 PM

Nice analysis:

http://www.breakingpointsystems.com/...ive-by-sundays

HTRegz · December 12th, 2008, 03:05 AM

Looks like this has been expanded to include IE6 and IE8 (beta).

*phernandez* · December 16th, 2008, 09:06 PM

Patch as soon as tomorrow (fingers crossed).

Advanced Notification:
http://www.microsoft.com/technet/sec.../MS08-dec.mspx

t34b4g5 · December 18th, 2008, 09:58 AM

Quote:

Originally Posted by phernandez

Patch as soon as tomorrow (fingers crossed).

Advanced Notification:
http://www.microsoft.com/technet/sec.../MS08-dec.mspx

The update notice on all the machines at work. We spent the day rolling this out and re-building image after image.

A few machines seem to off got bitten