Hello all-

My apologies if this is already posted, I did a search here and found nothing.

The SANS Internet Storm Center, ISC, just released information on a new Internet Explorer 0-Day Exploit. Just nominal information right now:

Link: http://isc.sans.org/

Story so far:
Handler's Diary November 21st 2005

previous -

* Internet Explorer 0-day exploit (NEW)
Published: 2005-11-21,
Last Updated: 2005-11-21 15:54:56 UTC by Johannes Ullrich (Version: 1)

the UK group "Computer Terrorism" released a proof of concept exploit against patched versions of Internet Explorer. We verified that the code is working on a fully patched Windows XP system with default configuration.

The bug uses a problem in the javascript 'Window()' function, if run from 'onload'. 'onload' is an argument to the HTML <body> tag, and is used to execute javascript as the page loads.

Impact:
Arbitrary executables may be executed without user interaction. The PoC demo as tested by us will launch the calculator (calc.exe).

Mitigation:
Turn off javascript, or use an alternative browser (Opera, Firefox). If you happen to use Firefox: This bug is not affecting firefox. But others may. For firefox, the extnion 'noscript' can be used to easily allow Javascript for selected sites only.

Open Questions:
We are not sure if paramters can be passed to the executable. If so, the issue would be much more severe.

Please monitor this diary for updates.
edit

http://isc.sans.org/diary.php?compare=1&storyid=874

Updated version and exploit news - it's up to version 4, in terms of updates from the SANS ISC now.

/edit