Links
More IE Flaw Details
There has been more information released about the Internet Explorer (IE) 0-day vulnerability. Microsoft has stated now that the vulnerability affects more versions of IE than previously thought. Vulnerable versions include IE 7, IE 8 (beta), IE 6 (non-SP2) and IE 5. Gladiator recommends that users switch to a different browser for the time being. Using Internet Explorer for banking applications that are not compatible with other browsers is fine, but do not use IE to browse the Internet.
The vulnerability was previously reported as an issue with the way IE handles XML. With new information, Microsoft has determined it is an issue with heap spraying. This is still a remote code execution vulnerability. Gladiator is tracking connections to sites reported as serving this exploit and implementing new signatures to deal with the evolving threat. For more information on the sites hosting the malware and the current signatures, see the shadowserver.org articles below.
Related Links:
- Shadowserver.org Dec 10 IE 0-day alert (http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20081210)
- Shadowserver.org Dec 11 IE 0-day alert (http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20081211)
- Updated Microsoft Advisory (http://www.microsoft.com/technet/security/advisory/961051.mspx)
- SANS ISC Diary – IE 0-day exploit (http://isc.sans.org/diary.html?storyid=5458)