Microsoft IE7 Exploit Allows Remote Code Execution on XP & Vista

Use Netsparker


It seems a new, fairly serious flaw has been discovered in Internet Explorer 7 – and as accounts go it’s been around for a couple of months in the underground.

The worrying part is, patch Tuesday was yesterday and after testing it’s been discovered that this flaw WAS NOT patched in the updates.

ISC reports that it’s not currently widely used, but it has been found in the wild.

Microsoft said it is investigating reports that a new exploit is going around that takes advantage of an unpatched security hole in Internet Explorer 7.

The SANS Internet Storm Center, which tracks hacking trends, said today that while the exploit does not appear to be widely in use at the moment, that situation is likely to change soon, since instructions showing criminals how to take advantage of this flaw have been posted online.

SANS emphasizes that this vulnerability is not one that was fixed in the massive bundle of patches that Microsoft issued yesterday. It is not clear what steps users can take to protect themselves against this threat, other than to browse the Web with something other than IE, such as Mozilla Firefox or Opera. This appears to be the type of vulnerability that could be used to give attackers complete control over an affected system merely by convincing users to browse to a specially-crafted hacked or malicious Web site.

It seems the safest thing is not to use IE, which I personally have been doing since about 1998 anyway. But still, some people claim they have problems with Java or JavaScript or AJAX enabled sites with Firefox.

There’s always Opera, or even the new Google Chrome.

This exploit is a serious one as someone only needs to visit the site and remote code can be injected into their OS and executed.

According to SANS, the exploit works against fully-patched Windows XP and Windows 2003 systems with Internet Explorer 7.

In a statement e-mailed to Security Fix, Microsoft said once it is done with its investigation, the company “will take appropriate action to help protect customers. This may include providing a security update through the monthly release process, an out-of-cycle update or additional guidance to help customers protect themselves.”

Once again it’s demonstrated how stupid ‘Patch Tuesday’ is and how half of the people on the Internet are going to be vulnerable to this serious flaw until the first Tuesday in January.

I really hope Microsoft pushes out an emergency patch outside their schedule ASAP.

You can find a list of the sites known to be distributing the code on Shadowserver here.

Source: Security Fix

Posted in: Exploits/Vulnerabilities, Windows Hacking

, , , , , , , , , , , , , ,


Latest Posts:


Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.
testssl.sh - Test SSL Security Including Ciphers, Protocols & Detect Flaws testssl.sh – Test SSL Security Including Ciphers, Protocols & Detect Flaws
testssl.sh is a free command line tool to test SSL security, it checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws and more.
Four Year Old libSSH Bug Leaves Servers Wide Open Four Year Old libssh Bug Leaves Servers Wide Open
A fairly serious 4-year old libssh bug has left servers vulnerable to remote compromise, fortunately, the attack surface isn't that big as neither OpenSSH or the GitHub implementation are affected.
CHIPSEC - Platform Security Assessment Framework CHIPSEC – Platform Security Assessment Framework For Firmware Hacking
CHIPSEC is a platform security assessment framework for PCs including hardware, system firmware (BIOS/UEFI), and platform components for firmware hacking.


2 Responses to Microsoft IE7 Exploit Allows Remote Code Execution on XP & Vista

  1. theamoeba December 12, 2008 at 7:52 am #

    hmm, but safari had a bug like this too not so long ago.

  2. Hayden December 17, 2008 at 8:14 pm #

    this just goes to show that everyone should use firefox+linux… just because MS tells you to do something doesn’t mean you have to do it…