Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: * Internet Explorer 0-day exploit SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
* Internet Explorer 0-day exploit
the UK group "Computer Terrorism" released a proof of concept exploit against patched versions of Internet Explorer. We verified that the code is working on a fully patched Windows XP system with default configuration.

The bug uses a problem in the javascript 'Window()' function, if run from 'onload'. 'onload' is an argument to the HTML <body> tag, and is used to execute javascript as the page loads.

Impact:
Arbitrary executables may be executed without user interaction. The PoC demo as tested by us will launch the calculator (calc.exe).

Mitigation:
Turn off javascript, or use an alternative browser (Opera, Firefox). If you happen to use Firefox: This bug is not affecting firefox. But others may. For firefox, the extnion 'noscript' can be used to easily allow Javascript for selected sites only.

Open Questions:
We are not sure if paramters can be passed to the executable. If so, the issue would be much more severe.

Please monitor this diary for updates.

Johannes

3904 Posts
ISC Handler
Nov 21st 2005

Sign Up for Free or Log In to start participating in the conversation!