[Dshield] 0-day exploit: Microsoft InternetExplorer"Msdds.dll"Remote Code Exe cution Exploit

brance brance at jhu.edu
Wed Aug 17 21:07:14 GMT 2005


Hmm, according to the FrSIRT site it was reported by an anonymous person..??
Did that anonymous person report it only to FrSIRT, or to MS as well?? 
Anyone at FrSIRT know? Does smell fishy in that regard, at the very least if
this is the case, it's highly irresponsible.. Regardless of full disclosure
opinions...  

And of course I assume the port can be adjusted by any would be
implementer.. 
Swell.. 


Brance :)_S
 

-----Original Message-----
From: list-bounces at lists.dshield.org [mailto:list-bounces at lists.dshield.org]
On Behalf Of stu
Sent: Wednesday, August 17, 2005 4:43 PM
To: General DShield Discussion List
Subject: Re: [Dshield] 0-day exploit: Microsoft
InternetExplorer"Msdds.dll"Remote Code Exe cution Exploit

I can only think that MS were notified a few months ago but haven't
responded/taken action so they went public. 

-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org] On Behalf Of Chris Wright
Sent: 17 August 2005 21:39
To: 'General DShield Discussion List'
Subject: Re: [Dshield] 0-day exploit: Microsoft Internet
Explorer"Msdds.dll"Remote Code Exe cution Exploit

> -----Original Message-----
> From: list-bounces at lists.dshield.org
> [mailto:list-bounces at lists.dshield.org] On Behalf Of Fergie (Paul 
> Ferguson)
> Sent: Wednesday, August 17, 2005 9:33 PM
> To: list at lists.dshield.org
> Subject: [Dshield] 0-day exploit: Microsoft Internet Explorer 
> "Msdds.dll"Remote Code Exe cution Exploit
> 
> Uh oh.
> 
> Via FrSIRT.
> 
> Advisory : FrSIRT/ADV-2005-1450
> Rated as : Critical
> http://www.frsirt.com/english/advisories/2005/1450
> 
>  * Technical Description *
> 
> A critical vulnerability was identified in Microsoft Internet 
> Explorer, which could be exploited by remote attackers to execute 
> arbitrary commands. This issue is due to a memory corruption error 
> when instantiating the "Msdds.dll" object as an ActiveX control via 
> its class identifier (CLSID), which could be exploited by an attacker 
> to take complete control of an affected system via a specially crafted 
> Web page.
> 
> This vulnerability has been confirmed with Microsoft Internet Explorer 
> 6 SP2 on Windows XP SP2 (fully patched).
> 
>  * Exploits *
> 
> http://www.frsirt.com/exploits/20050817.IE-Msddsdll-0day.php
> 
>  * Affected Products *
> 
> Microsoft Internet Explorer 6 SP1 on Microsoft Windows XP SP1 
> Microsoft Internet Explorer 6 for Microsoft Windows XP SP2 Microsoft 
> Internet Explorer 6 for Microsoft Windows Server
> 2003 Microsoft Internet Explorer 6 for Microsoft Windows Server 2003 
> SP1 Microsoft Internet Explorer 6 for Microsoft Windows Server 2003 
> for Itanium-based Systems Microsoft Internet Explorer 6 for Microsoft 
> Windows Server 2003 with
> SP1 for Itanium-based Systems Microsoft Internet Explorer 6 for 
> Microsoft Windows Server 2003 x64 Edition Microsoft Internet Explorer 
> 6 for Microsoft Windows XP Professional x64 Edition Microsoft Internet 
> Explorer 5.01 SP4 on Microsoft Windows 2000 SP4 Microsoft Internet 
> Explorer 6 SP1 on Microsoft Windows 2000 SP4
> 
>  * Solution *
> 
> The FrSIRT is not aware of any official supplied patch for this issue.
> 
>  * References *
> 
> http://www.frsirt.com/english/advisories/2005/1450
> http://www.frsirt.com/exploits/20050817.IE-Msddsdll-0day.php
> 
> Exploit:
> http://www.frsirt.com/exploits/20050817.IE-Msddsdll-0day.php
> 

So what happened to the concept of keeping these things under wraps until
the Vendor has had a chance to prepare a response/patch etc etc?

Something smells about this one...

Regards

Chris

--

Chris Wright
http://www.yaps4u.net
http://www.cwic-solutions.co.uk
 


_______________________________________________
send all posts to list at lists.dshield.org To change your subscription options
(or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list


_______________________________________________
send all posts to list at lists.dshield.org To change your subscription options
(or unsubscribe), see: http://www.dshield.org/mailman/listinfo/list



More information about the list mailing list