Slashdot Mirror


Zero-Day IE Exploit Takes Control of PCs

anethema writes "A remote IE exploit with implementations is currently in the wild. From the article: 'Exploit code for a critical flaw in fully patched versions of Microsoft Corp.'s Internet Explorer browser has been released on the Internet, putting millions of Web surfers at risk of computer hijack attacks.' Apparently all you have to do is browse the page to be affected. There is no patch, but since it is a JavaScript exploit, you can work around it by disabling JavaScript."

30 of 567 comments

  1. Firefox by jsmucker · · Score: 0, Informative
  2. Zero-day? No. by MoNickels · · Score: 3, Informative

    The original article and the Slashdot headline are wrong. It's not a "zero-day exploit." The article itself says, "The group that published the exploit said Microsoft has been aware of the Javascript Window() vulnerability for several months but was mistakenly treating it as a low-priority denial-of-service flaw." A zero-day exploit is one that is discovered or revealed the day software becomes available, be it brand-new software, an update, a patch, or a service pack.

    --

    Wordnik, a dictionary project which aims to collect

    1. Re:Zero-day? No. by Anonymous Coward · · Score: 1, Informative

      It is a 0day exploit. The vuln was previously released months back, but at the time it was thought to DoS (not a remote exploit). But information released today shows that this vuln can be exploited remotely. So it is 0day.

      BTW the POC is here
      http://www.computerterrorism.com/research/ie/poc.htm

      Start the slashdotting....

    2. Re:Zero-day? No. by Anonymous Coward · · Score: 1, Informative

      urm no, that's the definition for "zero day" in the warez scene.

      In the security world any exploit for a vulnerability which is unknown to the community (be that a commercial or a foss community) is a zero day exploit. Admins have zero days to patch their systems.

      Be that as it is, it's still not a zero day exploit, but that's because the vulnerability was known, not because it's existing software.

    3. Re:Zero-day? No. by Anonymous Coward · · Score: 2, Informative

      No.

      A zero-day exploit is one that takes advantage of a security vulnerability on the same day that the vulnerability becomes generally known. Ordinarily, after someone detects that a software program contains a potential exposure to exploitation by a hacker, that person or company can notify the software company and sometimes the world at large so that action can be taken to repair the exposure or defend against its exploitation. Given time, the software company can repair and distribute a fix to users. Even if potential hackers also learn of the vulnerability, it may take them some time to exploit it; meanwhile, the fix can hopefully become available first.

    4. Re:Zero-day? No. by Anonymous Coward · · Score: 1, Informative

      The parent's statement is mostly false. The "zero-day" in "zero-day" exploit refers to a software bug of which the vendor and the networked public at large are unaware. It has nothing to do with the date of release of the software. However, the parent is correct in stating that the exploit is not zero-day because it is described as "known".

  3. Re:I'm glad to see that by xtracto · · Score: 2, Informative
    --
    Ubuntu is an African word meaning 'I can't configure Debian'
  4. This code by paranode · · Score: 4, Informative

    Will DOS Firefox. Not as bad as an exploit but they have issues to fix as well.

  5. Re:Link to a copy? by tomasvilda · · Score: 4, Informative
  6. Re:This is why... by nyc_paladin · · Score: 3, Informative
    --
    All that is necessary for the triumph of evil is that good men do nothing. --Edmund Burke
  7. Re:I hope this gets into a doubleclick ad by Xarius · · Score: 4, Informative

    I know he's considered as a bit of a prick, but ESR explains exactly why this would be one of the worst things that could happen here.

    Make of it what you will.

    --
    C17H21NO4
  8. How to disable JavaScript by Rinnt · · Score: 2, Informative

    Yes, for most it may be extremely easy. But in case you haven't had to do it for some time:

    To disable JavaScript in IE, click Tools, Internet Options and choose the Security tab. Click the Internet icon, click the Default Level button, and move the slider to High.

    ...Shamelessly stolen from here.

  9. Re:Is there a tenor in the house? by Killjoy_NL · · Score: 2, Informative

    Could have been written by a Dutch guy since of=or in Dutch :)

    --
    This is the sig that says NI (again)
  10. Re:I don't care by meringuoid · · Score: 2, Informative
    Take off the tin foil hat. The amount of work it would take to write such an exploit would be huge and would only get a tiny fraction of the market. There's no profit in it, there's no notoriety for it.

    Would a worm do all that, or a clueless script kiddie? Probably not. As you say, there are too few dual-boot systems around. Bear in mind however that the Linux partition is still at risk from a malicious kiddie letting rip with fdisk.

    But would a hacker do it? Yes, I think so. Especially if he'd just been directly challenged to do so by someone who thinks the wall between Windows and Linux in a dual-boot system is so impenetrable...

    --
    Real Daleks don't climb stairs - they level the building.
  11. Duh! (+1, informative) by hummassa · · Score: 3, Informative

    Sony's CD copy protection installs in your Windows machine a rootkit that renders invisible any file whose name starts with '$sys$'.
    The *nix joke "word^Wother" (also written "word^H^H^H^H") meant: I wrote "word", but repented and erased it (with one control-w or N control-h keys) and substituted it for "other".
    The newly made Sony/Windows joke "$sys$word other" means: "word" becomes invisible and, just as in the unix case, I am saying "other" (when I really mean the harsher "word").
    Funny thing is, it's not as funny when I explain it. :-(

    --
    It's better to be the foot on the boot than the face on the pavement. ~~ tkx Kadin2048
    1. Re:Duh! (+1, informative) by Omega697 · · Score: 4, Informative

      What he meant was that there were 4 ^W's and when you erase 4 words you wind up with the nonsensical statement in his post.

    2. Re:Duh! (+1, informative) by Anonymous Coward · · Score: 1, Informative

      Way to over-explain the joke that everyone already got, chuckles. He was just pointing out that there were only 4 ^W characters instead of the 5 that would be required for the statement to make sense.

    3. Re:Duh! (+1, informative) by mazarin5 · · Score: 2, Informative
      Oh, I got it.

      The "^W" control character deletes the preceding word, not character. This distinguishes from "^H", which deletes only the preceding character, thus they aren't interchangeable.

      If you notice, I quoted you with the four words preceding "^W^W^W^W" deleted, as if the "^W"s had actually had an effect on the sentence. That made your sentence incomplete, and therefore nonsense.

      Therefore "Huh?".

      Granted, it wasn't worthy of Mark Twain, but it was meant to be humorous.

      --
      Fnord.
  12. Re:Opera affected too? by porneL · · Score: 5, Informative

    Not affected. I've tested <body onload="window();"> and nothing happens besides JS console logging "Statement on line 1: The Object does not implement [[Call]]".

  13. Re:Link to a copy? by Trip+Ericson · · Score: 2, Informative

    Google for Portable Firefox and give it a try. Works just fine for me on all the school computers, without the hassles of getting the Microsoftophiles upset.

  14. Re:lazy story submitters by tpgp · · Score: 3, Informative
    --
    My pics.
  15. Re:Link to a copy? by Tony+Hoyle · · Score: 2, Informative

    Same on IE. Didn't seem to do anything on Opera.

    Not sure if crashing the browser can really be called an 'exploit'. Slashdot headline writers on crack again...

  16. Re:HTML in Outlook Affected? by GuanoTO · · Score: 2, Informative

    Sadly yes, it will use IE extensions to display the html (and associated) code. It is a hardcoded call to IE, not the default browser.

    Much like following the HotMail link in MSN Messenger will launch a new IE window, despite having FF set as the default browser.

  17. Re:If a problem like this was found in Firefox... by Maian · · Score: 2, Informative

    Um, you must be one hell of a Firefox fanatic to completely ignore the fact there have been serious published and previously unpatched (but now patched) vulnerabilities in Firefox before. Why the hell was this modded insightful? Now it may be true that Mozilla fixes vulnerabilities faster than the IE team, but this is an outright lie.

  18. Re:Ouch. by springbox · · Score: 3, Informative
    I may be a nerd, but I like to think of my page design [andreweckford.com] as "clean" and "fast-loading", thank you very much.

    Import a CSS on every page and you can get a nicer looking layout with little cost. "Small in size" and "fast loading" does not necessarily mean "default color scheme."

  19. Re:Give it 5 by Anonymous Coward · · Score: 2, Informative

    This is the code for Google Analytics. http://www.google.com/analytics/ There's nothing to see here.

  20. Re:Link to a copy? by Anonymous Coward · · Score: 1, Informative

    Firefox 1.0.7
    Windows XP SP2
    Extensions: IETab, Web Developer Toolbar

    Nothing visible happened. No slowdown occurred. No programs were launched. The Javascript console logged an error: "Error: runpoc is not defined".

  21. Re:This is why... by zachdms · · Score: 5, Informative

    Check out DropMyRights - should be exactly what you want.

  22. Re:Advice for not getting this virus by lgw · · Score: 2, Informative

    Older versions of Norton AV leaked memory like crazy, but only when you ran a scan. The realtime protection was fine. You did need to reboot after a scan, however. Newer versions are either fixed or not so bad that I notice.

    --
    Socialism: a lie told by totalitarians and believed by fools.