C5 SECURITY ALERT: Microsoft Internet Explorer ActiveX Dialog Box Manipulation Vulnerability

Leading vulnerability management expert from Secure Elements is available to comment on MS Internet Explorer threat.

A vulnerability has been found in Microsoft Internet Explorer which could be used by attackers to run arbitrary code on target systems. The flaw is due to a race condition that exists when displaying and processing modal security dialog boxes prompting the user to install or execute an ActiveX control, which could allow for remote code to be executed.

“Another month, another zero day vulnerability. System administrators are not looking forward to a new round of IE patches with the same poor quality as last month's,” said Scott Carpenter, director of security labs at Secure Elements. “This vulnerability is just the most serious one for IE that has been discovered this month. I predict quite a few visits to http://explorerdestroyer.com/. Fortunately for Microsoft, this month also has seen multiple vulnerabilities in Firefox and Mac OSX Safari.”

Engineers within the Secure Elements Security Lab, the leader in enterprise vulnerability management and compliance risk reduction solutions, believe this exploit has a high probability of being used to create a worm or virus in the near future, and have classified the vulnerability as “8,” meaning the vulnerability is locally and remotely exploitable and can allow an attacker to run arbitrary code on your system. There is a high probability of it being used in a virus or worm. The Secure Elements Security Lab engineers are not aware of any official patches released by Microsoft. As a workaround, Secure Elements recommends disabling Active Scripting in Internet Explorer.

C5 EVM users have been advised to deploy remediation SE-0005218 (which disables Active Scripting in Internet Explorer) immediately due to the imminent threat represented by this zero day exploit.
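For administrators who want to verify the workaround by hand, the following added example (not part of the original alert and not the content of remediation SE-0005218) audits the Active Scripting URL action, registry value 1400, in each Internet Explorer security zone. Treating the Internet and Restricted sites zones as the ones that need the setting is an assumption made here, and the `-Enforce` switch and function name are hypothetical.

```powershell
# Added example: audit the Active Scripting URL action (1400) in each IE security zone.
param([switch]$Enforce)  # hypothetical switch: also write "Disabled" for the Internet zone (HKCU)

$ActionId = '1400'       # URLACTION_SCRIPT_RUN, shown in the UI as "Active scripting"
$Meaning  = @{ 0 = 'Enabled'; 1 = 'Prompt'; 3 = 'Disabled' }
$ZoneName = @{ 0 = 'My Computer'; 1 = 'Local intranet'; 2 = 'Trusted sites'
               3 = 'Internet';    4 = 'Restricted sites' }
$Suffix   = 'Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
# Policy locations override the per-user and per-machine preference locations.
$Roots = [ordered]@{
    'Machine policy'     = "HKLM:\SOFTWARE\Policies\$Suffix"
    'User policy'        = "HKCU:\Software\Policies\$Suffix"
    'User preference'    = "HKCU:\Software\$Suffix"
    'Machine preference' = "HKLM:\SOFTWARE\$Suffix"
}

function Get-ActiveScriptingSetting {
    foreach ($zone in 0..4) {
        foreach ($source in $Roots.Keys) {
            $key   = Join-Path $Roots[$source] "$zone"
            $value = (Get-ItemProperty -Path $key -Name $ActionId -ErrorAction SilentlyContinue).$ActionId
            if ($null -eq $value) { continue }   # not configured at this location
            $state = $Meaning[[int]$value]
            if (-not $state) { $state = "Unknown ($value)" }
            [pscustomobject]@{
                Zone   = $ZoneName[$zone]
                Source = $source
                Value  = $value
                State  = $state
                # Assumption: untrusted content renders in the Internet and Restricted zones.
                NeedsAttention = ($zone -ge 3) -and ($value -ne 3)
            }
        }
    }
}

if ($Enforce) {
    # Write the per-user preference for the Internet zone; a policy value still takes precedence.
    $internet = Join-Path $Roots['User preference'] '3'
    if (-not (Test-Path $internet)) { New-Item -Path $internet -Force | Out-Null }
    Set-ItemProperty -Path $internet -Name $ActionId -Value 3 -Type DWord
}

Get-ActiveScriptingSetting | Format-Table -AutoSize
```

Rows with `NeedsAttention` set to True are locations where script still runs or prompts in a zone that handles untrusted content.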

Systems Impacted:

    Microsoft Internet Explorer 5.0

    Microsoft Internet Explorer 5.01

    Microsoft Internet Explorer 5.01 SP1

    Microsoft Internet Explorer 5.01 SP2

    Microsoft Internet Explorer 5.01 SP3

    Microsoft Internet Explorer 5.01 SP4

    Microsoft Internet Explorer 5.5

    Microsoft Internet Explorer 5.5 SP1

    Microsoft Internet Explorer 5.5 SP2

    Microsoft Internet Explorer 6.0

    Microsoft Internet Explorer 6.0 SP1

    Microsoft Internet Explorer 6.0 SP2

    Microsoft Internet Explorer 7.0 beta1

    Microsoft Internet Explorer 7.0 beta2

References:

    http://www.securityfocus.com/bid/17713/
    http://www.frsirt.com/english/advisories/2006/1559
    http://archives.neohapsis.com/archives/fulldisclosure/2006-04/0759.html

Proof of Concept code has been released:

    http://downloads.securityfocus.com/vulnerabilities/exploits/modal_dialog_race.html

Secure Elements Security Labs Director Scott Carpenter is available to discuss the vulnerability, what it means to consumers and businesses, the motivations of the worm authors and the reaction to the worm by members of the vulnerability management community.

Enterprises or others may contact Secure Elements at 1-800-709-5011 to obtain more information or schedule discussions with expert sources from Secure Elements.

Members of the media interested in obtaining commentary from Mr. Carpenter of Secure Elements should contact: Stephanie Stadler; Telephone: +1 703-287-7819 or +1 703-300-4089.

About Secure Elements

Secure Elements, an enterprise vulnerability management leader, automates security remediation strategies and tactics across the entire enterprise, reducing business risk and IT management costs while improving systems performance and maintaining business continuity. Protecting mission critical and network infrastructure assets from both known and unknown attacks without limiting operational performance, the company rapidly identifies and intelligently responds to complex and diverse security incidents. Using real-time threat intelligence data and analysis, Secure Elements provides administrators with optimal security control across the enterprise. Herndon, Va.-based Secure Elements serves organizations in the federal government and critical infrastructure markets, as well as Global 1000 corporations.

###

Contact Author

Jennifer Stanley