Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Protection for Unpatched Zero Day Vulnerability in IE

BitDefender UK : 15 March, 2010  (New Product)
Users of Internet Explorer versions 6 and 7 can take advantage of an update issued by BitDefender to protect against a flaw in the browser which still remains unpatched by Microsoft
BitDefender has released an emergency update to protect computer users against the newly-discovered flaw in Internet Explorer versions 6 and 7 which could allow remote code execution, after tricking the user into visiting a malicious web page. Microsoft has issued a warning bulletin and a patch is underway to mitigate the vulnerability.

In order to stay safe, BitDefender recommends that you download, install and update a complete antimalware suite with antivirus, antispam, antiphishing and firewall protection and take extra caution when prompted to open files from unfamiliar locations.

Potential risk scenario

Initially, a prospective victim is lured into visiting a specially crafted web link advertised either via spam messages or as posted on bulletin boards, social networks etc. This webpage contains JavaScript code obfuscated by using the escape function. In order to bypass detection from antivirus products, the script calls a secondary JavaScript that replaces a variable with the unescape string.

The decrypted result is actually the malicious payload which will trigger a heap spray attack and will write the malicious code into the browser's User Data area, making it persistent. Every time the browser starts, the malicious code is executed without any subsequent intervention (drive-by download), which will result in the automatic download of a file called either notes.exe or svohost.exe (detected by BitDefender as Gen:Trojan.Heur.PT.cqW@aeUw@pbb).

Mitigating the risks

Microsoft has announced that the exploit is already in the wild and that users will be provided with a fix 'as soon as possible.' Since Internet Explorer 8 is not vulnerable to the attack, the next logical step would be to upgrade immediately. However, many custom-made applications in the corporate environment are strongly interconnected with IE 6 or IE 7 and might not work as expected on Internet Explorer 8.

BitDefender is currently detecting the exploit and blocking the malicious code before it is able to inflict any damage to a user's computer. Moreover, all BitDefender customers have been proactively protected against the infected binaries which the exploit is trying to install on the local machine.
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo