[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ISSForum] ISS Protection Brief: Internet Explorer Cross-Zone Vulnerability Exploitation



-----BEGIN PGP SIGNED MESSAGE-----

Internet Security Systems Protection Alert
June 25, 2004

Internet Explorer Cross-Zone Vulnerability Exploitation

Summary:

Active exploitation of a cross-zone privilege escalation vulnerability in 
Internet Explorer has been observed. This vulnerability is exploited to 
install spyware-like malicious applications on target systems. Web-sites 
are being actively compromised using the PCT1 overflow vulnerability. 
Web-browsing users are then compromised when visiting these web-sites which 
have been modified to serve malicious content. 

There is no vendor-supplied patch for Internet Explorer as of the time 
of publication, however ISS has shipped product protection for this issue. 

ISS Protection Strategy:

ISS has provided preemptive protection for these vulnerabilities.  We 
recommend that all customers apply applicable ISS product updates. 

Network Sensor 7.0, Proventia A and G:
  XPU 22.25 / June 21, 2004
  HTTP_IE_ADODB_Stream_SaveToFile

Proventia M:
  XPU 1.23 / June 21, 2004
  HTTP_IE_ADODB_Stream_SaveToFile

ISS has also provided protection for the PCT1 vulnerability used to 
compromise web-servers. This protection has been available for ISS 
customers since September 2003.

Network Sensor 7.0, Proventia A and G:
  XPU 22.19
  SSL_PCT1_Overflow

Proventia M:
  XPU 1.17 
SSL_PCT1_Overflow

These updates are now available from the ISS Download Center at:
http://www.iss.net/download.

For customers that have not updated to the latest XPU, ISS is able 
to provide a custom rule to detect exploitation. This rule is available 
through your technical support representative.

Business Impact:

By exploiting a cross-zone privilege escalation in Internet Explorer, 
it is possible for an attacker to run arbitrary code on target systems. 
In order to exploit this vulnerability, a victim would have to visit 
or be somehow lured to a malicious or compromised website. Successful 
exploitation can be leveraged to gain complete control over target 
systems, and may lead to spyware installation, exposure of confidential 
information, or further network compromise.

For the complete X-Force Protection Alert, please visit:
http://xforce.iss.net/xforce/alerts/id/177

______ 


About Internet Security Systems (ISS) 
Founded in 1994, Internet Security Systems (ISS) (Nasdaq: ISSX) is a 
pioneer and world leader in software and services that protect critical 
online resources from an ever-changing spectrum of threats and misuse. 
Internet Security Systems is headquartered in Atlanta, GA, with 
additional operations throughout the Americas, Asia, Australia, Europe 
and the Middle East. 


Copyright (c) 2004 Internet Security Systems, Inc. All rights reserved 
worldwide. 


Permission is hereby granted for the electronic redistribution of this 
document. It is not to be edited or altered in any way without the 
express written consent of the Internet Security Systems X-Force. If you 
wish to reprint the whole or any part of this document in any other 
medium excluding electronic media, please email xforceiss.net for 
permission. 


Disclaimer: The information within this paper may change without notice. 
Use of this information constitutes acceptance for use in an AS IS 
condition. There are NO warranties, implied or otherwise, with regard to 
this information or its use. Any use of this information is at the 
user's risk. In no event shall the author/distributor (Internet Security 
Systems X-Force) be held liable for any damages whatsoever arising out 
of or in connection with the use or spread of this information. 
X-Force PGP Key available on MIT's PGP key server and PGP.com's key server, 
as well as at http://www.iss.net/security_center/sensitive.php 
Please send suggestions, updates, and comments to: X-Force 
xforceiss.net of Internet Security Systems, Inc. 




-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBQNxl/DRfJiV99eG9AQFECgQAkqc4RHSfvuiso/uJLQt1NhzJD2Jws0uC
IN4fqXZqv4bw+weiaNkGZ9rvBzmbI3tkbNSNDFpAHkG7i+EY+qMH0b9Ef3doWyFn
zOrKmk8e6uFRT+AkqHSODMDCcj1UVcaChOjj6s5SsGzbN40TiU6qMb8//Lz7mAjR
5q1rxG0RN5Y=
=ixPM
-----END PGP SIGNATURE-----
_______________________________________________
ISSForum mailing list
ISSForum@xxxxxxx

TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum

To contact the ISSForum Moderator, send email to mod-issforum@xxxxxxx

The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.