Threat Level: green Handler on Duty: Bojan Zdrnja

SANS ISC: InfoSec Handlers Diary Blog - Internet Storm Center Diary 2006-11-06 InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

New Windows Kernel Issue (MoKB)

Published: 2006-11-06
Last Updated: 2006-11-06 18:40:34 UTC
by Scott Fendley (Version: 1)
0 comment(s)
Good morning/evening everyone.

Earlier today, we became aware of a new vulnerability that does not appear to have a workaround available.  On the outset, it does look like a Denial of Service style bug, but leaves room for remote execution possibilities.  From our take on it, the code must be run locally on the computer.  So depending on the delivery mechanism for the exploiting code, you may have a very nice attack. We are investigating this flaw further and hope to report something further such as workarounds, or ways to help mitigate this issue.

source: http://projects.info-pull.com/mokb/MOKB-06-11-2006.html
Keywords:
0 comment(s)

Internet Explorer XML Vulnerability

Published: 2006-11-06
Last Updated: 2006-11-06 17:25:45 UTC
by Johannes Ullrich (Version: 1)
0 comment(s)
Microsoft released a knowledge base article about a newly reported vulnerability in XMLHTTP 4.0 ActiveX Control. This Active-X control is required to interact with specific web sites using XML queries. We are not aware of any widely used applications of this technology. While it is similar to Ajax in scope, it does not look like it is required to use Ajax.

In line with Microsofts advisory, we recommend setting the respective kill bit to disable execution of this ActiveX control:
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\
{88d969c5-f192-11d4-a65f-0040963251e5}]
"Compatibility Flags"=dword:00000400


(we had a mention of a possible PoC from the Month-of-Kernel-bugs project. but it looks like these are two distinct issues)

Keywords:
0 comment(s)

sinFP-2.04 release

Published: 2006-11-06
Last Updated: 2006-11-06 04:39:18 UTC
by Jim Clausing (Version: 2)
0 comment(s)
Well, it has been a pretty slow weekend at the ol' Storm Center.  As someone who is always on the lookout for new and interesting tools, I did see an announcement of a tool that I am unfamiliar with, but plan to check out because it looks kind of interesting.  It is called sinFP.  It is an OS fingerprinting tool in Perl and version 2.04 was just released.  The papers about it are in French (which I don't read), but the web page claims that it overcomes some limitations in nmap's OS fingerprinting.  It also claims to be able to do OS fingerprinting of IPv6 traffic.  If any of our readers have any experience with the tool, I'd like to hear from you.  Also, if you know of any other interesting tools, please drop us a note at the contact page.

----------------------------------
Jim Clausing, jclausing --at-- isc dot sans dot org
Keywords:
0 comment(s)
Diary Archives