Results 1 to 9 of 9

Thread: IE 7 0 Day EXploit

  1. #1
    Member Slartarama's Avatar
    Join Date
    May 2008
    Location
    Pacific Northwest
    Posts
    53

    IE 7 0 Day EXploit

    Those of you using or supporting IE 7 be wary:

    http://isc.sans.org/diary.html?storyid=5458&rss

  2. #2
    Gonzo District BOFH westin's Avatar
    Join Date
    Jan 2006
    Location
    SW MO
    Posts
    1,187
    Well, thats just great! [sarcasm implied]

    Thanks for the heads up.
    \"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink.\"

    -HST

  3. #3
    Senior Member t34b4g5's Avatar
    Join Date
    Sep 2003
    Location
    Australia.
    Posts
    2,391
    Nice heads up.

    interesting that it doesn't effect Vista users.

  4. #4
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,915
    Quote Originally Posted by t34b4g5 View Post
    Nice heads up.

    interesting that it doesn't effect Vista users.
    I'm curious as to where you've seen mention of it not affecting Vista users?

    From the Microsoft advisory: "Our investigation so far has shown that these attacks are against Windows Internet Explorer 7 on supported editions of Windows XP Service Pack 2, Windows XP Service Pack 3, Windows Server 2003 Service Pack 1, Windows Server 2003 Service Pack 2, Windows Vista, Windows Vista Service Pack 1, and Windows Server 2008."

    The example exploit that SANS ISC discussed doesn't target Vista, most likely due to the limited attack surface of IE 7 in Protected Mode on Vista. It would be entirely possible, however, to target Vista with the vulnerability.

    That being said... if you've got another article I'm unaware of.. I'd love to read it.

    Side note, anyone wanting to look at the code (since it's been sanitized on the SANS ISC site) send me a PM.

  5. #5
    Senior Member t34b4g5's Avatar
    Join Date
    Sep 2003
    Location
    Australia.
    Posts
    2,391
    Ht when i read the alert earlier it didn't have anything about Vista. Only XP and Windows server03.

    That being said, they have obviously updated the alert as more info has come to light, thus i was confused on why it wan't a issue for Vista users, but it was for the others..

    *********************

    Some interesting stuff, apparently some Chinese sec team accidently released the POC for this ie7 w@llh@x..
    http://www.computerworld.com/action/...c=news_ts_head

    but apparently
    but it appears some hackers already knew how to exploit the flaw. At one point, the code was traded for as much as US$15,000 on the underground criminal markets, according to iDefense, the computer security branch of VeriSign, citing a blog post from the Chinese team
    However, other information indicates that hackers already knew how it worked before the release. According to knownsec, a rumor surfaced earlier in the year about a bug in Internet Explorer, iDefense wrote. Information on the vulnerability was allegedly sold in November on the underground back market for US$15,000. Earlier this month, the exploit was sold second or third hand for $650, said iDefense, citing knownsec.
    Eventually, someone developed a Trojan horse program -- one that appears harmless but is actually malicious -- that is designed to steal information related to Chinese-language PC games, a popular target for hackers.
    Ouchie's

  6. #6
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,401
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  7. #7
    Senior Member
    Join Date
    Jan 2003
    Posts
    3,915
    Looks like this has been expanded to include IE6 and IE8 (beta).

  8. #8

  9. #9
    Senior Member t34b4g5's Avatar
    Join Date
    Sep 2003
    Location
    Australia.
    Posts
    2,391

    Wink

    Quote Originally Posted by phernandez View Post
    The update notice on all the machines at work. We spent the day rolling this out and re-building image after image.

    A few machines seem to off got bitten

Similar Threads

  1. Again.. Second 0-day exploit out...
    By dalek in forum Microsoft Security Discussions
    Replies: 7
    Last Post: September 23rd, 2006, 03:46 AM
  2. Exploit already available for Windows vulnerability
    By Black Cluster in forum Microsoft Security Discussions
    Replies: 3
    Last Post: October 14th, 2005, 08:44 AM
  3. Network Security made easy?
    By Tiger Shark in forum Microsoft Security Discussions
    Replies: 5
    Last Post: January 14th, 2005, 08:47 PM
  4. Cloaked Exploit Scanner II
    By ntsa in forum The Security Tutorials Forum
    Replies: 3
    Last Post: July 21st, 2002, 04:00 PM
  5. OE/IE6/WMP Temporary File Exploit
    By zigar in forum Microsoft Security Discussions
    Replies: 3
    Last Post: April 4th, 2002, 08:50 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •