Random Entry: The Passion of Christ
< Mechanical Derangement | Zearle and Socialist Rap >

Internet Explorer 0-day

A group of mornonic security researchers¹ have published a 0-day exploit for Internet Explorer which exploits what was previously thought to be a DoS to allow third party code execution. Turn off Javascript in IE or use another browser like Firefox. More at the ISC.

At first I thought this was a new exploit, then thought it was an old one, but now realise it is a new exploit. It seems that this was first discovered by Benjamin Tobias Franz several months ago, however it was only a DoS then. It appears he didn't disclose the flaw responsibly. However, Computer Terrorists figured out how to turn the DoS into code execution and made no additional effort to report the flaw to Microsoft. That's not cool. This does not free Microsoft of responsibility, they should have seen the DoS and fixed it six months ago, but they couldn't have seen this version coming.

Computer Terrorists, your actions will contribute to a rise is spyware and support the idiot criminals who make the internet a bad place. This is an obvious piece of glory hounding and you deserve to lose clients for your lack of ethics.

UPDATE: There's a snort signature. FrSIRT also has the sploit.
UPDATE II: The ISC just raised the InfoCon Threat Level to yellow.
UPDATE III: Microsoft has released an advisory.

¹I don't want to contribute to their pagerank, I am sure you can figure out the proper link.

Monday, November 21. 2005
Posted by Dominic White in Security
Comments (2) | Trackbacks (0)

Last modified on 2005-11-22 11:48

Trackbacks

Trackback specific URI for this entry

No Trackbacks

Comments

Display comments as (Linear | Threaded)

#1 David Seddon (Reply)
Posted on Tuesday, November 22. 2005

Although I would always condemn such irresponsible action, the facts seem some what different on this occasion. According to the link to the reclassification advisory, this vulnerability has been prevalent for 6 months or so with no one doing a thing about it. Who’s to say that this vulnerability/exploit has not already been used in the wild? Microsoft has some explaining to do…….

#1.1 Dominic White wrote (Link) (Reply)
Posted on Tuesday, November 22. 2005

You are right, I missed that. I definately loose points. I have updated the entry. I still think they could have done more to report the flaw to Microsoft, although Microsoft definately deserves a drubbing down for this one.

Add Comment

Name
Email
Homepage
In reply to
Comment	E-Mail addresses will not be displayed and will only be used for E-Mail notifications. To prevent automated Bots from commentspamming, please enter the string you see in the image below in the appropriate input box. Your comment will only be submitted if the strings match. Please ensure that your browser supports and accepts cookies, or your comment cannot be verified correctly. Enter the string from the spam-prevention image above:
	Remember Information? Subscribe to this entry