Monday, November 08, 2004

US-CERT Vulnerability Note VU#842160 IE contains a buffer overflow vulnerability

US-CERT Vulnerability Note VU#842160:
"Microsoft Internet Explorer (IE) contains a buffer overflow vulnerability that can be exploited to execute arbitrary code with the privileges of the user running IE."

A heap buffer overflow vulnerability exists in the way IE handles the SRC and NAME attributes of FRAME and IFRAME elements. Publicly available exploit code uses JavaScript to prepare heap memory with blocks that consist of NOP slides and shell code. After mishandling overly long SRC and NAME attributes, IE dereferences a memory address that may fall within one of the prepared heap blocks, running through the NOP slide and executing the attacker's shell code. Without the ability to prepare the heap blocks, this attack becomes significantly more difficult.

Other programs (e.g., Outlook, Outlook Express, AOL, Lotus Notes) that use the WebBrowser ActiveX control could be affected by this vulnerability.
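A content-inspection check for the condition described above (an added example, not part of the US-CERT note or this post): it parses HTML or HTML mail bodies and reports FRAME and IFRAME elements whose SRC or NAME attribute is unusually long. The 512-character limit, the function names and the sample markup are assumptions made for illustration; the note says only "overly long".

```python
from html.parser import HTMLParser

# Assumed cut-off: the advisory gives no length, so 512 is a constructed
# value for illustration. Tune it against your own web and mail traffic.
MAX_ATTR_LEN = 512
WATCHED_TAGS = {"frame", "iframe"}
WATCHED_ATTRS = {"src", "name"}


class LongFrameAttrFinder(HTMLParser):
    """Collects FRAME/IFRAME start tags whose SRC or NAME exceeds max_len."""

    def __init__(self, max_len=MAX_ATTR_LEN):
        super().__init__(convert_charrefs=True)
        self.max_len = max_len
        self.findings = []  # tuples of (line, tag, attribute, length)

    def handle_starttag(self, tag, attrs):
        # HTMLParser lower-cases tag and attribute names, so <IFRAME SRC=...>
        # and <iframe src=...> are treated alike.
        if tag not in WATCHED_TAGS:
            return
        line, _ = self.getpos()
        for name, value in attrs:
            if name in WATCHED_ATTRS and value and len(value) > self.max_len:
                self.findings.append((line, tag, name, len(value)))


def scan_html(markup, max_len=MAX_ATTR_LEN):
    """Return a list of (line, tag, attribute, length) for oversized attributes."""
    finder = LongFrameAttrFinder(max_len)
    finder.feed(markup)
    finder.close()
    return finder.findings


# Constructed sample input: one ordinary iframe and one with oversized attributes.
LONG_SRC = "http://example.invalid/" + "x" * 600
LONG_NAME = "y" * 600
SAMPLE = (
    "<html><body>\n"
    '<iframe src="http://example.invalid/a" name="ok"></iframe>\n'
    '<IFRAME SRC="' + LONG_SRC + '" NAME="' + LONG_NAME + '"></IFRAME>\n'
    "</body></html>"
)

if __name__ == "__main__":
    for line, tag, attr, length in scan_html(SAMPLE):
        print(f"line {line}: <{tag}> {attr} is {length} characters long")
```

A hit is a reason to quarantine or strip the element at a proxy or mail gateway, not proof of an exploit attempt, since legitimate pages occasionally carry long URLs.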

Install Windows XP Service Pack 2 (SP2)

Microsoft Windows XP SP2 does not appear to be affected by this vulnerability.

Disable Active scripting

Disabling Active scripting makes it more difficult for an attacker to prepare the heap to easily execute arbitrary code. At a minimum, disable Active scripting in the Internet zone and the zone used by Outlook, Outlook Express, or any other software that uses the WebBrowser ActiveX control. Instructions for disabling Active scripting can be found in the Malicious Web Scripts FAQ.

Do not follow unsolicited links

http://www.kb.cert.org/vuls/id/842160
