In association with heise online

19 September 2006, 14:20

New unknown holes in Internet Explorer already being exploited


Sunbelt Software, a security firm, has reported a previously unknown hole in Internet Explorer that is already under attack through several websites that infect visitors with trojans and spyware. How long this has been happening is unclear, as Sunbelt stumbled across the hole during routine observation of known "crimeware gangs", according to US media reports.

These specially prepared websites – the majority of them porn sites – are clearly exploiting a buffer overflow in the browser's processing of Vector Markup Language (VML). This allows them to plant code on fully patched Windows XP SP2 machines and then execute it with the user's rights – very often administrator privileges. Sunbelt has declined to publish any other details for now, and no patch is currently available. Microsoft has supposedly been informed of the new hole. One way to fight the problem immediately is to deactivate JavaScript.

The zero-day exploit reported last week, involving a hole in the DirectAnimation ActiveX control of Internet Explorer, could likewise only be remedied by turning off ActiveX. There too, the vulnerability is based on a buffer overflow. On the other hand, the only known proof-of-concept exploit functions solely on the Chinese version of Windows. There is no patch for that hole either. Microsoft is currently working on one and will release an update on the next Patch Tuesday.

Given the risks, users should consider switching to another browser. Whether they choose Firefox, Mozilla or Seamonkey, it is important to install the most current version, since that browser family has also shown vulnerabilities in the past. Multiple holes were plugged last week, four of them classified by the developers as critical. No exploits for them have been observed as yet. Opera also represents an alternative, particularly because there are almost no exploits for known holes in that software. One reason for this may be that exploits are unable to run stably on Opera, security experts note.
