0-day Exploit: Microsoft Internet Explorer "window()" Code Execution Vulnerability
A proof-of-concept exploit is already public for this vulnerability. Technical Description
Via FrSIRT.
Advisory ID : FrSIRT/ADV-2005-2509
CVE ID : GENERIC-MAP-NOMATCH
Rated as : Critical 
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-11-21
A critical vulnerability has been identified in Microsoft Internet Explorer, which could be exploited by remote attackers to execute arbitrary commands. This flaw is due to a memory corruption error when processing malformed HTML pages containing specially crafted calls to the JavaScript "window()" object and the "body onload" tag, which could be exploited remote attackers to take complete control of an affected system by convincing a user to visit a malicious Web page.
This vulnerability has been confirmed on Windows XP SP2 with Internet Explorer 6 (fully patched).
http://www.frsirt.com/exploits/20051121.IEWindow0day.php
Microsoft Internet Explorer 6 SP1 on Microsoft Windows XP SP2
Microsoft Internet Explorer 6 for Microsoft Windows XP SP1
Microsoft Internet Explorer 5.01 SP4 on Microsoft Windows 2000 SP4
Microsoft Internet Explorer 6 SP1 on Microsoft Windows 2000 SP4
The FrSIRT is not aware of any official supplied patch for this issue.
Disable Active Scripting in Internet Explorer :
1. Start Internet Explorer.
2. On the Tools menu, click Internet Options.
3. On the Security tab, click Custom Level.
4. In the Settings box, click Disable under Active scripting.
5. Click OK, and then click OK.
http://www.frsirt.com/english/advisories/2005/2509
http://www.frsirt.com/english/reference/1111
Credits
Vulnerability originally reported by Benjamin Tobias Franz and exploited by S. Pearson
posted by Fergie @ 11/21/2005 06:50:00 AM
0 Comments:
Post a Comment
<< Home