Links
New Internet Explorer Remote Code Execution Vulnerability
GSA Reference Number: AD100302-01
Simply Put: A new Internet Explorer remote code execution exploit has been released. This vulnerability affects Internet Explorer 6, 7, and 8 running on Windows 2000, Windows XP, and Windows Server 2003. This vulnerability uses VBScript and Windows Help files to force a victim machine to run remote code. In order to trigger this vulnerability, a user would have to hit the F1 key while visiting a malicious website.
Attack Details: Proof of concept code for this attack has been released, meaning it is only a matter of time before it is seen on malicious websites. This vulnerability cannot exploit machines unless users open Internet Explorer Help, commonly launched by hitting the F1 key. This attack does not affect newer Microsoft Operating Systems, more specifically, Windows Vista, Windows Server 2008, and Windows 7. This is a remote code execution vulnerability and should be considered high risk at this time.
Countermeasures: Microsoft has not released a patch for this vulnerability at this time. Gladiator recommends that all users be made aware of this vulnerability. Users should be warned not to launch Internet Explorer Help or hit the F1 key while Web browsing until a patch is available. Other mitigating factors are listed in the Microsoft Security Advisory, including disabling Active Scripting in Internet Explorer.
Reference Links:
- Microsoft Security Advisory (http://www.microsoft.com/technet/security/advisory/981169.mspx?pubDate=2010-03-01)
- SANS ISC Diary (http://isc.sans.org/diary.html?storyid=8332)