Gladiator Research and Security - » IE7 Vulnerability Being Exploited

Links

Other Posts: New Adobe Acrobat and Reader Vulnerability; Waledac, The New Storm Worm?

IE7 Vulnerability Being Exploited

Posted on February 19th, 2009 by Ryan Spanier

GSA Reference Number: AD090218-01

Simply Put: An Internet Explorer 7 vulnerability patched in the latest installment of Microsoft updates is now being exploited by malware authors. The patch, designated MS09-002, fixed a memory corruption vulnerability, which can cause remote code execution.

Vulnerability Details: If a user with Internet Explorer 7 visits a website exploiting this vulnerability, a malicious script is executed which forces the browser to download a malicious file and then crash. According to the Snort blog, the file is identified as a Trojan dropper. This is only one example of what can happen by browsing with an unpatched browser.

Countermeasures: Microsoft released a patch for this vulnerability on February 10th. Gladiator recommends that administrators apply this patch to all affected systems as soon as possible. If your organization is not using an automated patch management system, try using Microsoft Baseline Security Analyzer to identify machines lacking the patch. If the patch cannot be applied, Gladiator recommends using a different browser, such as Firefox, until the patch is rolled out.

Related Links:

Microsoft Patch Advisory MS09-002 (http://www.microsoft.com/technet/security/bulletin/MS09-002.mspx)
SANS ISC Article (http://isc.sans.org/diary.html?storyid=5884)
Snort Blog Entry (http://vrt-sourcefire.blogspot.com/2009/02/ms09-002-in-wild.html)
Microsoft Baseline Security Analyzer (http://www.microsoft.com/downloads/details.aspx?familyid=f32921af-9dbe-4dce-889e-ecf997eb18e9&displaylang=en)

Tags: IE7, Internet Explorer, MBSA, Remote Code Execution

Reader Comments

Sorry, comments are closed.