Microsoft IE7 Exploit Allows Remote Code Execution on XP & Vista

Use Netsparker


It seems a new, fairly serious flaw has been discovered in Internet Explorer 7 – and as accounts go it’s been around for a couple of months in the underground.

The worrying part is, patch Tuesday was yesterday and after testing it’s been discovered that this flaw WAS NOT patched in the updates.

ISC reports that it’s not currently widely used, but it has been found in the wild.

Microsoft said it is investigating reports that a new exploit is going around that takes advantage of an unpatched security hole in Internet Explorer 7.

The SANS Internet Storm Center, which tracks hacking trends, said today that while the exploit does not appear to be widely in use at the moment, that situation is likely to change soon, since instructions showing criminals how to take advantage of this flaw have been posted online.

SANS emphasizes that this vulnerability is not one that was fixed in the massive bundle of patches that Microsoft issued yesterday. It is not clear what steps users can take to protect themselves against this threat, other than to browse the Web with something other than IE, such as Mozilla Firefox or Opera. This appears to be the type of vulnerability that could be used to give attackers complete control over an affected system merely by convincing users to browse to a specially-crafted hacked or malicious Web site.

It seems the safest thing is not to use IE, which I personally have been doing since about 1998 anyway. But still, some people claim they have problems with Java or JavaScript or AJAX enabled sites with Firefox.

There’s always Opera, or even the new Google Chrome.

This exploit is a serious one as someone only needs to visit the site and remote code can be injected into their OS and executed.

According to SANS, the exploit works against fully-patched Windows XP and Windows 2003 systems with Internet Explorer 7.

In a statement e-mailed to Security Fix, Microsoft said once it is done with its investigation, the company “will take appropriate action to help protect customers. This may include providing a security update through the monthly release process, an out-of-cycle update or additional guidance to help customers protect themselves.”

Once again it’s demonstrated how stupid ‘Patch Tuesday’ is and how half of the people on the Internet are going to be vulnerable to this serious flaw until the first Tuesday in January.

I really hope Microsoft pushes out an emergency patch outside their schedule ASAP.

You can find a list of the sites known to be distributing the code on Shadowserver here.

Source: Security Fix

Posted in: Exploits/Vulnerabilities, Windows Hacking

, , , , , , , , , , , , , ,


Latest Posts:


StaCoAn - Mobile App Static Analysis Tool StaCoAn – Mobile App Static Analysis Tool
StaCoAn is a cross-platform tool which aids developers, bug bounty hunters and ethical hackers performing mobile app static analysis on the code of the application for both native Android and iOS applications.
snallygaster - Scan For Secret Files On HTTP Servers snallygaster – Scan For Secret Files On HTTP Servers
snallygaster is a Python-based tool that can help you to scan for secret files on HTTP servers, files that are accessible that shouldn't be public and can pose a s
Portspoof - Spoof All Ports Open & Emulate Valid Services Portspoof – Spoof All Ports Open & Emulate Valid Services
The primary goal of the Portspoof program is to enhance your system security through a set of new camouflage techniques which spoof all ports open and also emulate valid services on every port.
Cambridge Analytica Facebook Data Scandal Cambridge Analytica Facebook Data Scandal
One of the biggest stories of the year so far has been the scandal surrounding Cambridge Analytica that came out after a Channel 4 expose that demonstrated the depths they are willing to go to profile voters, manipulate elections and much more.
GetAltName - Discover Sub-Domains From SSL Certificates GetAltName – Discover Sub-Domains From SSL Certificates
GetAltName it's a little script to discover sub-domains that can extract Subject Alt Names for SSL Certificates directly from HTTPS websites which can provide you with DNS names or virtual servers.
Memcrashed - Memcached DDoS Exploit Tool Memcrashed – Memcached DDoS Exploit Tool
Memcrashed is a Memcached DDoS exploit tool written in Python that allows you to send forged UDP packets to a list of Memcached servers obtained from Shodan.


2 Responses to Microsoft IE7 Exploit Allows Remote Code Execution on XP & Vista

  1. theamoeba December 12, 2008 at 7:52 am #

    hmm, but safari had a bug like this too not so long ago.

  2. Hayden December 17, 2008 at 8:14 pm #

    this just goes to show that everyone should use firefox+linux… just because MS tells you to do something doesn’t mean you have to do it…