[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[ISSForum] ISS Protection Brief: Internet Explorer Cross-Zone Vulnerability Exploitation
-----BEGIN PGP SIGNED MESSAGE-----
Internet Security Systems Protection Alert
June 25, 2004
Internet Explorer Cross-Zone Vulnerability Exploitation
Active exploitation of a cross-zone privilege escalation vulnerability in
Internet Explorer has been observed. This vulnerability is exploited to
install spyware-like malicious applications on target systems. Web-sites
are being actively compromised using the PCT1 overflow vulnerability.
Web-browsing users are then compromised when visiting these web-sites which
have been modified to serve malicious content.
There is no vendor-supplied patch for Internet Explorer as of the time
of publication, however ISS has shipped product protection for this issue.
ISS Protection Strategy:
ISS has provided preemptive protection for these vulnerabilities. We
recommend that all customers apply applicable ISS product updates.
Network Sensor 7.0, Proventia A and G:
XPU 22.25 / June 21, 2004
XPU 1.23 / June 21, 2004
ISS has also provided protection for the PCT1 vulnerability used to
compromise web-servers. This protection has been available for ISS
customers since September 2003.
Network Sensor 7.0, Proventia A and G:
These updates are now available from the ISS Download Center at:
For customers that have not updated to the latest XPU, ISS is able
to provide a custom rule to detect exploitation. This rule is available
through your technical support representative.
By exploiting a cross-zone privilege escalation in Internet Explorer,
it is possible for an attacker to run arbitrary code on target systems.
In order to exploit this vulnerability, a victim would have to visit
or be somehow lured to a malicious or compromised website. Successful
exploitation can be leveraged to gain complete control over target
systems, and may lead to spyware installation, exposure of confidential
information, or further network compromise.
For the complete X-Force Protection Alert, please visit:
About Internet Security Systems (ISS)
Founded in 1994, Internet Security Systems (ISS) (Nasdaq: ISSX) is a
pioneer and world leader in software and services that protect critical
online resources from an ever-changing spectrum of threats and misuse.
Internet Security Systems is headquartered in Atlanta, GA, with
additional operations throughout the Americas, Asia, Australia, Europe
and the Middle East.
Copyright (c) 2004 Internet Security Systems, Inc. All rights reserved
Permission is hereby granted for the electronic redistribution of this
document. It is not to be edited or altered in any way without the
express written consent of the Internet Security Systems X-Force. If you
wish to reprint the whole or any part of this document in any other
medium excluding electronic media, please email xforceiss.net for
Disclaimer: The information within this paper may change without notice.
Use of this information constitutes acceptance for use in an AS IS
condition. There are NO warranties, implied or otherwise, with regard to
this information or its use. Any use of this information is at the
user's risk. In no event shall the author/distributor (Internet Security
Systems X-Force) be held liable for any damages whatsoever arising out
of or in connection with the use or spread of this information.
X-Force PGP Key available on MIT's PGP key server and PGP.com's key server,
as well as at http://www.iss.net/security_center/sensitive.php
Please send suggestions, updates, and comments to: X-Force
xforceiss.net of Internet Security Systems, Inc.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
ISSForum mailing list
TO UNSUBSCRIBE OR CHANGE YOUR SUBSCRIPTION, go to https://atla-mm1.iss.net/mailman/listinfo/issforum
To contact the ISSForum Moderator, send email to mod-issforum@xxxxxxx
The ISSForum mailing list is hosted and managed by Internet Security Systems, 6303 Barfield Road, Atlanta, Georgia, USA 30328.