[Dshield] 0-day exploit: Microsoft Internet Explorer "Msdds.dll" Remote Code Execution Exploit

Chris Wright dshield at yaps4u.net
Wed Aug 17 20:39:12 GMT 2005


> -----Original Message-----
> From: list-bounces at lists.dshield.org 
> [mailto:list-bounces at lists.dshield.org] On Behalf Of Fergie 
> (Paul Ferguson)
> Sent: Wednesday, August 17, 2005 9:33 PM
> To: list at lists.dshield.org
> Subject: [Dshield] 0-day exploit: Microsoft Internet Explorer 
> "Msdds.dll" Remote Code Execution Exploit
> 
> Uh oh.
> 
> Via FrSIRT.
> 
> Advisory : FrSIRT/ADV-2005-1450
> Rated as : Critical
> http://www.frsirt.com/english/advisories/2005/1450
> 
>  * Technical Description *
> 
> A critical vulnerability was identified in Microsoft Internet 
> Explorer, which could be exploited by remote attackers to 
> execute arbitrary commands. This issue is due to a memory 
> corruption error when instantiating the "Msdds.dll" object as 
> an ActiveX control via its class identifier (CLSID), which 
> could be exploited by an attacker to take complete control of 
> an affected system via a specially crafted Web page.
> 
> This vulnerability has been confirmed with Microsoft Internet 
> Explorer 6 SP2 on Windows XP SP2 (fully patched).
> 
>  * Exploits *
> 
> http://www.frsirt.com/exploits/20050817.IE-Msddsdll-0day.php
> 
>  * Affected Products *
> 
> Microsoft Internet Explorer 6 SP1 on Microsoft Windows XP SP1
> Microsoft Internet Explorer 6 for Microsoft Windows XP SP2
> Microsoft Internet Explorer 6 for Microsoft Windows Server 2003
> Microsoft Internet Explorer 6 for Microsoft Windows Server 2003 SP1
> Microsoft Internet Explorer 6 for Microsoft Windows Server 2003 for Itanium-based Systems
> Microsoft Internet Explorer 6 for Microsoft Windows Server 2003 with SP1 for Itanium-based Systems
> Microsoft Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition
> Microsoft Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition
> Microsoft Internet Explorer 5.01 SP4 on Microsoft Windows 2000 SP4
> Microsoft Internet Explorer 6 SP1 on Microsoft Windows 2000 SP4
> 
>  * Solution *
> 
> The FrSIRT is not aware of any official supplied patch for this issue.
> 
>  * References *
> 
> http://www.frsirt.com/english/advisories/2005/1450
> http://www.frsirt.com/exploits/20050817.IE-Msddsdll-0day.php
> 
> Exploit:
> http://www.frsirt.com/exploits/20050817.IE-Msddsdll-0day.php
> 

So what happened to the concept of keeping these things under wraps until
the Vendor has had a chance to prepare a response/patch etc etc?

Something smells about this one...

Regards

Chris

--

Chris Wright
http://www.yaps4u.net
http://www.cwic-solutions.co.uk
 


