[Dshield] An unfixed highly critical vulnerability discovered in Microsoft Internet Explorer

Peter Stendahl-Juvonen peter.stendahl-juvonen at welho.com
Thu Apr 8 18:46:54 GMT 2004


list-bounces at lists.dshield.org
wrote on Thursday, April 08, 2004 6:39 PM UTC+3 on behalf of Johannes B.
Ullrich

|| An unfixed highly critical vulnerability discovered in Microsoft
|| Internet Explorer
| 
| Just a note about this one: I keep ignoring MSIE exploits, as I keep
| ignoring variants of Skynet, Beagle, Bugbear and friends.
| 
| This has been a bad combination!
| 
| BugBear.C, which was released yesterday, is using this unpatched MSIE
| vulnerability. Just clicking on the URL sent
| by the worm will get you infected. NO POPUPS! NO WARNINGS!
| 
| There is no good workaround. Disabling Active X will not help.
| 
| Given that this is likely going to be exploited by other viruses
| shortly, I strongly recommend not to click on any URLs.
| 
| Details: http://www.dshield.org/vultest.php
| 


Johannes et al.

One may want to consider the following precautions to make it more
difficult to exploit this vulnerability:

1) Either disable ITS (Microsoft InfoTech Storage) protocol handlers by
renaming the following registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\{ms-its, its, mk}

OR

2) disable interpreting of MHTML documents by renaming registry entry
key HKEY_CLASSES_ROOT\PROTOCOLS\Handler\mhtml

3) Avoid browsing suspicious web pages (containing 'object tag' IDs)

4) Consider using another browser


- Pete


"Believe those who are seeking the truth. Doubt those who find it."
               André Gide (1859-1951); French writer.
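
The two registry options in the message above, as an added example that is not part of the original post: a PowerShell script that reports whether the named handler keys exist and, with -Apply, renames them so the change can be reversed. The `.disabled` suffix and the `-Option`, `-Apply` and `-Restore` parameters are assumptions of this example; only the key paths come from the post.

```powershell
# Added example: audit and optionally rename the protocol-handler keys named in the post.
# Assumptions of this example: the ".disabled" suffix and the parameter names below.
# Renaming with -Apply needs an elevated prompt; the default run only reports.
param(
    [ValidateSet('ITS', 'MHTML')]
    [string]$Option = 'ITS',   # option 1 (ms-its, its, mk) or option 2 (mhtml)
    [switch]$Apply,            # perform the rename instead of reporting it
    [switch]$Restore           # rename <name>.disabled back to <name>
)

$suffix = '.disabled'

# HKEY_CLASSES_ROOT has no default PowerShell drive, so use provider-qualified paths.
$targets = @{
    ITS   = @{ Base  = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler'
               Names = @('ms-its', 'its', 'mk') }
    MHTML = @{ Base  = 'Registry::HKEY_CLASSES_ROOT\PROTOCOLS\Handler'
               Names = @('mhtml') }
}

$base = $targets[$Option].Base
foreach ($name in $targets[$Option].Names) {
    $from = if ($Restore) { "$name$suffix" } else { $name }
    $to   = if ($Restore) { $name } else { "$name$suffix" }
    $fromPath = "$base\$from"
    $toPath   = "$base\$to"

    if (-not (Test-Path -LiteralPath $fromPath)) {
        Write-Output "[skip] $fromPath is not present"
        continue
    }
    if (Test-Path -LiteralPath $toPath) {
        # Never overwrite an existing key; leave it for manual review.
        Write-Warning "$toPath already exists; nothing renamed"
        continue
    }
    if ($Apply) {
        Rename-Item -LiteralPath $fromPath -NewName $to -ErrorAction Stop
        Write-Output "[done] renamed $from to $to"
    } else {
        Write-Output "[plan] would rename $fromPath to $to"
    }
}
```

Run it without switches first to see which handlers are registered; applications that rely on the renamed handler stop resolving those URLs until the key is restored with `-Restore -Apply`.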




