An unpatched IE exploit invokes a second older unpatched IE exploit

Published: 2004-04-10. Last Updated: 2004-04-11 02:23:20 UTC
by Kevin Hong (Version: 1)
0 comment(s)
An unpatched IE exploit invokes a second older unpatched IE exploit

It has been a quiet day. One of the handlers (Patrick Nolan) mentioned another unpatched IE exploit has a first part "incorrect handling of HTML files embedded in CHM files" that invokes a second older unpatched IE exploit (ADODB) to run code of attackers choice.

According to the Trunlow Trojan described in Symantec website (http://securityresponse.symantec.com/avcenter/venc/data/trojan.trunlow.html):

The first part of this exploit - "HTML component: This is a piece of html code that downloads and executes the VBScript component. This code may be added to pages on legitimate Web sites whose security has been compromised. Some versions use the exploit described in Bloodhound.Exploit.6."

The second part exploit ADODB stream object vulnerability to download and execute files.

"By embedding a specially crafted URL in a Web page and having that URL refer to a CHM file containing an HTML file with scripts in it, an attacker could force the user who views the Web page with a vulnerable version of Internet Explorer to download and execute files."

As usual, follow the best practices (patch IE, do not follow unsolicited links, update virus definition etc).

Keywords:
0 comment(s)

Comments


Diary Archives