United States
Anatomy of an ARP Poisoning Attack
WatchGuard Technologies, Inc.
WatchGuard Technologies, Inc.
ProductsPartnersSupportAbout UsHow to BuySearchProfile
 
Products  

Security Articles

Video Tutorials

WatchGuard Feeds

WatchGuard Wire

Radio Free Security

White Papers

Case Studies

Network Security Glossary

WatchGuard Wire
Improve Your Security IQ

Zero day IE 6 and 7 drive-by download vulnerability 

23 November 09 -- A few days ago, an unknown grey hat calling himself "K4mr4n_st" released exploit code for a zero day vulnerability in Internet Explorer (IE) 6 and 7, to the Bugtraq security mailing list. The exploit's author did not release any details about this IE vulnerability. However, researchers at Symantec have anaylzed the exploit, and discovered that it leverages a heap buffer overflow flaw involving the way IE handles cascading style sheets (CSS)

By enticing you to a specially crafted web site, an attacker can exploit this new vulnerability to execute code on your computer, with your privileges. If you have local administrator privileges, as most Windows users do, the attacker gains complete control of your computer.

I have tested K4mr4n_st's exploit many times on a Windows XP SP3 virtual machine. So far, I have not had any success getting it to work. That said, Symantec reports that the exploit does work, though it has reliability issues. While this particular exploit may not work consistently, most experts expect more stable versions to surface shortly. Therefore, I consider this zero day flaw a fairly serious risk.

Being a zero day vulnerability, Microsoft has not had time to patch the flaw yet. However, the exploit relies on Javascript in order to work. Until Microsoft patches, you can protect yourself from this new exploit by disabling Javascript. Personally, I browse the Internet using Firefox and its NoScript extension. NoScript ensure that scripts, like Javascript, are denied by default. By browsing with this NoScript, I can prevent many drive-by downloads exploits, such as this new zero day, from affecting my computer. I highly recommend you do the same -- at least until Microsoft fixes IE. -- Corey Nachreiner, CISSP 

Copyright© 2010 WatchGuard® Technologies, Inc. You may copy and distribute this article freely in any medium as long as you copy and distribute the entire article without change and preserve this copyright statement and notice.