Print
Discuss
Send to friend
RSS feedsSecurity watchdog the US Computer Emergency Readiness Team (US-Cert) has warned Internet Explorer (IE) users to update patches after it discovered a buffer overflow vulnerability that gives hackers local admin rights to execute arbitrary code on compromised PCs.
The so-called heap buffer overflow vulnerability centres on the way IE handles the SRC and Name attributes of Frame and Iframe elements.
US-Cert warned that publicly available exploit code could use JavaScript to prepare heap memory with blocks that consist of Nop slides and shell code.
"After mishandling overly long SRC and Name attributes, IE de-references a memory address that may fall within one of the prepared heap blocks, running through the Nop slide and executing the attacker's shell code," the security watchdog said.
"Without the ability to prepare the heap blocks, this attack become significantly more difficult."
Other programs that use the WebBrowser ActiveX control (e.g., Outlook, Outlook Express, AOL, Lotus Notes) could be affected by this vulnerability, the security watchdog warned.
Hackers exploiting the bug need to convince a user to view a specially crafted HTML document, such as a web page or an HTML email message, after which the attacker could execute arbitrary code with the privileges of the user.
The attacker could also cause IE (or the program using the WebBrowser control) to crash.
US-Cert said that, while there is no complete solution to this problem, users should begin by installing Windows XP Service Pack 2 which the organisation said "does not appear to be affected by this vulnerability".
Users are advised to disable Active scripting to make it more difficult for attackers to prepare the heap to execute arbitrary code.
"At a minimum, disable Active scripting in the internet zone and the zone used by Outlook, Outlook Express, or any other software that uses the WebBrowser ActiveX control," US-Cert advised.
The security group also advised IE users to follow basic common sense security procedures such as not clicking on unsolicited URLs received in email, instant messages, web forums or internet relay chat channels.
Email client software should be configured to render email messages in plain text rather than HTML, and antivirus software should be kept up to date.
See also:
Vulnerability research claims shocking results 17 Feb 2005
Just open an email and you could be the next victim, warns security firm 04 Nov 2004
Security threats have a significant effect on business - so are IT managers prepared? 12 Jul 2004All Bugs & Fixes
del.icio.us
Digg this
reddit!
