Microsoft Internet Explorer Full Remote Compromise w/o User Intervention
From: tuytumadre () att net
Date: Fri, 24 Dec 2004 22:47:31 +0000
Through a joint effort between Michael Evanchik and Paul (me) of Greyhats Security, a Full Remote Compromise of
Microsoft's Internet Explorer has been developed for SP2 which requires no user interaction. This exploit is based on
several previous vulnerabilities and can be used to write an executable to a user's hard drive and run it, requiring
nothing from the user except visiting a webpage. Microsoft was able to reproduce the issue and has agreed that the
severity is indeed critical. Because the vulnerabilities (3 total, each based on different technologies) have been
known and unpatched for quite some time, we have decided to release the information on this exploit in hopes that in
the future Microsoft will work faster towards patching vulnerabilities that we security researchers disclose to them.
This exploit is definitely not for script kiddies and uses several files being hosted on a server, so I doubt a worm
will be released that uses this flaw, at least not before a patch is released. The most common use for this in the
upcoming months will probably be spyware. However, you can avoid
all consequences of this exploit by disabling hta files, disabling active scripting, or switching to a different browser
altogether. My recommendation is to switch to Firefox (http://firefox.com). I use it; it's just like Internet Explorer,
but with added features like skinning, customization, and O! the security :-)
Paul - http://greyhats.cjb.net
Michael Evanchik - http://michaelevanchik.com
Full-Disclosure - We believe in it.