[Dshield] 0-day exploit: Microsoft Internet Explorer"Msdds.dll"Remote Code Exe cution Exploit

Mick Bergman mick at mickbergman.com
Wed Aug 17 20:45:30 GMT 2005


We block all ActiveX at the firewall. It has had so many vulnerabilities
over its history it just isn't worth the trouble.

Mick


-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org] On Behalf Of stu
Sent: Wednesday, August 17, 2005 4:39 PM
To: General DShield Discussion List
Subject: Re: [Dshield] 0-day exploit: Microsoft Internet
Explorer"Msdds.dll"Remote Code Exe cution Exploit

Great. Thanks for the heads up. Looks like we'll be seeing yellow status
again soon :)

Solution.. ? disable activex? 

Stu
-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org] On Behalf Of Fergie (Paul
Ferguson)
Sent: 17 August 2005 21:33
To: list at lists.dshield.org
Subject: [Dshield] 0-day exploit: Microsoft Internet Explorer
"Msdds.dll"Remote Code Exe cution Exploit

Uh oh.

Via FrSIRT.

Advisory : FrSIRT/ADV-2005-1450
Rated as : Critical
http://www.frsirt.com/english/advisories/2005/1450

 * Technical Description *

A critical vulnerability was identified in Microsoft Internet Explorer,
which could be exploited by remote attackers to execute arbitrary
commands. This issue is due to a memory corruption error when
instantiating the "Msdds.dll" object as an ActiveX control via its class
identifier (CLSID), which could be exploited by an attacker to take
complete control of an affected system via a specially crafted Web page.

This vulnerability has been confirmed with Microsoft Internet Explorer 6
SP2 on Windows XP SP2 (fully patched).

 * Exploits *

http://www.frsirt.com/exploits/20050817.IE-Msddsdll-0day.php

 * Affected Products *

Microsoft Internet Explorer 6 SP1 on Microsoft Windows XP SP1
Microsoft Internet Explorer 6 for Microsoft Windows XP SP2
Microsoft Internet Explorer 6 for Microsoft Windows Server 2003
Microsoft Internet Explorer 6 for Microsoft Windows Server 2003 SP1
Microsoft Internet Explorer 6 for Microsoft Windows Server 2003 for
Itanium-based Systems
Microsoft Internet Explorer 6 for Microsoft Windows Server 2003 with SP1
for Itanium-based Systems
Microsoft Internet Explorer 6 for Microsoft Windows Server 2003 x64
Edition
Microsoft Internet Explorer 6 for Microsoft Windows XP Professional x64
Edition
Microsoft Internet Explorer 5.01 SP4 on Microsoft Windows 2000 SP4
Microsoft Internet Explorer 6 SP1 on Microsoft Windows 2000 SP4 

 * Solution *

The FrSIRT is not aware of any official supplied patch for this issue.

 * References *

http://www.frsirt.com/english/advisories/2005/1450 
http://www.frsirt.com/exploits/20050817.IE-Msddsdll-0day.php

Exploit:
http://www.frsirt.com/exploits/20050817.IE-Msddsdll-0day.php

- ferg





--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg at netzero.net or fergdawg at sbcglobal.net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
send all posts to list at lists.dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list


_______________________________________________
send all posts to list at lists.dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list





More information about the list mailing list