Free Newsletter
Register for our Free Newsletters
Access Control
Deutsche Zone (German Zone)
Education, Training and Professional Services
Government Programmes
Guarding, Equipment and Enforcement
Industrial Computing Security
IT Security
Physical Security
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor
ProSecurityZone Sponsor

New exploit targets IE 6 and 7

Symantec : 24 November, 2009  (Technical Article)
Symantec has discovered a new exploit in development and offers businesses advice on preventing it from impacting IT systems
A new proof-of-concept exploit was posted on BugTraq over the weekend that targets a zero-day vulnerability in Internet Explorer. Symantec Security Response has confirmed that the exploit affects both IE 6 and 7 on Windows XP and Vista platforms, but there are possibilities that other versions of IE and Windows may also be affected. The exploit in its current form exhibits inconsistent behaviour in tests conducted by the Response team, however a fully-functional exploit can be expected to follow.

For the attacker to launch a successful attack, they need to lure the victim to a malicious Web page or website they have compromised. The exploit also requires JavaScript to exploit Internet Explorer. The exploit targets a vulnerability in the way IE uses the Cascading Style Sheets (CSS) information. CSS is used in many Web pages to define the presentation of the site's content.

Symantec detects the exploit with the Bloodhound.Exploit.129 signature, HTTP Microsoft IE Generic Heap Spray BO and HTTP Malicious JavaScript Heap Spray BO IPS signatures. It is anticipated that this exploit will be developed further, therefore new signatures specifically for this exploit are also being created.

Mitigation for consumer users: To minimise the chances of being affected by this issue, Internet Explorer users should ensure their antivirus definitions are up to date, disable JavaScript and only visit websites they trust until fixes are available from Microsoft.

Mitigation for enterprise users:

* Run all software as a non-privileged user with minimal access rights
* Deploy network intrusion detection systems to monitor network traffic for malicious activity
* Do not follow links provided by unknown or untrusted sources
* Set web browser security to disable the execution of script code or active content
* Implement multiple redundant layers of security
Bookmark and Share
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
   © 2012
Netgains Logo