Unpatched IE Flaw Extremely Critical

Durinthal writes "The biggest blip on the security radar over the Thanksgiving holiday was the realization by the security community that an Internet Explorer problem first identified six months ago was a lot worse than it appeared, as what appeared to be only a DoS vulnerability also allows for execution of arbitrary code. The realization caused Secunia to issue a rare 'Extremely Critical' advisory."

Proof of Concept

[Motherfucking+Shit]

Here is a link to the Proof of Concept page, which will launch an instance of calc.exe if you're vulnerable. AVG Free caught the exploit in the cached page, but calc.exe ran anyway, even after I deleted the file.

Re:Proof of Concept

[Pxtl]

Hm. I get a "Script Prompt" window over a tiny IE window, with the name of your site in a textbox. A few seconds later (or when I touch it) it snaps and then I get the windows "close-details" app crash window.

So it disturbs the browser, but it doesn't hack it for me.

Re:Proof of Concept

[TheSpoom]

Slightly offtopic, but if you're wondering, NAV calls anything it considers suspicious enough to stop but doesn't have a name for yet "Bloodhound" because that's the component that detects buffer overflows and the like. Just something rather interesting I found when I was doing tech support.

Re:Proof of Concept

[PlusFiveTroll]

Firefox didnt crash, if you waited long enough (like I did) it opens up a popup dialog full of ??????'s, you can then close the window. But it did take a full 3 minutes on a Athlon64 300+ with a gig of ram. calc.exe does not run.

Temp Fix

[Manip]

Turn on "Data Execution Protection" for all programs and services. Instead of allowing full execution it will limit it to a DOS (crack IE).

Control Panel -> System -> Advanced [Tab] -> Performance Settings -> Data Execution Protection [Tab] -> Turn on DEP for all programs and services except those I select -> Ok -> OK.

Re:Temp Fix

[_Shorty-dammit]

I believe DEP is on by default for IE anyways, so I'm not sure this is even necessary. I just tried the proof-of-concept test on my machine, and all it did was bring up some script prompt, didn't launch calc.exe as it should have. This is with the IE7 beta, btw.

It affects Firefox, too.

[Mitchell+Mebane]

Although it's not as severe.

https://bugzilla.mozilla.org/show_bug.cgi?id=31733 4

Re:Scummy eweek popup alert

[BattleRat]

The extention you are looking for is called NoScript. It works awesome.

Re:Scummy eweek popup alert

[HoosierPeschke]

Try this NoScript. It's a whitelist so you can allow only certain sites to use javascript.

McAfee Fails It

[Orrin+Bloquy]

On my W2K box, McAfee warns me of a threat, then as soon as I close the window, the code executes anyway.

Simmer down

[TubeSteak]

The URL is http://www.ocremix.org/
And here's the submitter's user page http://slashdot.org/~Durinthal

I think you mistook the submitter for **Beatles-Beatles
This Beatles guy is really getting out of hand.
He manages to taint stories he isn't even submitting. ...or maybe /.'ers need to stop being so effing hyper sensitive about certain things.

Re:Extremely Dupical

OK, now I know Slashdot's biased, but posting this twice and not posting this at all?

All your OS are belong to Sun!

Re:Firefox v1.5

[m0i]

This makes Slashdot exactly on the day Firefox v1.5 is supposed to be released. Apparently, Mozilla want to create a huge marketing campaign, better and larger than the one for v1.0. This is a perfect time to capitalize on this horrible security hole to promote Firefox.

Hrm, did you notice that Firefox 1.5 is crashing as well on this exploit? It's not a security risk but a big annoyance nonetheless.