[Dshield] IE 0day

mjost mjost at cox.net
Wed Nov 23 14:05:43 GMT 2005


This patch after further checking does not correct this issue; it is a
hidden add-on patch fix, which when I performed the proof of concept,
crashed IE, Microsoft's Crash Analysis recommended this patch. The popup
continues, i.e. there in lies the problem.



"I'm sorry, that section of my brain appears to be write-protected."



-----Original Message-----
From: mjost [mailto:mjost at cox.net] 
Sent: Tuesday, November 22, 2005 8:10 AM
To: 'General DShield Discussion List'
Subject: Re: [Dshield] IE 0day

Microsoft has a fix at http://support.microsoft.com/?scid=kb;en-us;888240

That patches this issue of add on's.

-----Original Message-----
From: David Taylor [mailto:ltr at isc.upenn.edu] 
Sent: Monday, November 21, 2005 9:27 AM
To: 'General DShield Discussion List'
Subject: Re: [Dshield] IE 0day

I haven't tested it but there is more information on the discoverer's site.

http://www.computerterrorism.com/research/ie/ct21-11-2005

4. TEMPORARY SOLUTION

Until a patch is developed, users are advised to disable active scripting
for non-trusted sites.


==================================================
David Taylor //Sr. Information Security Specialist
University of Pennsylvania Information Security 
Philadelphia PA USA
(215) 898-1236
http://www.upenn.edu/computing/security/
================================================== 

SANS - The Twenty Most Critical Internet Security Vulnerabilities 
http://www.sans.org/top20/

SANS - Internet Storm Center
http://isc.sans.org

irc.freenode.net #dshielders
http://freenode.net/



-----Original Message-----
From: list-bounces at lists.dshield.org [mailto:list-bounces at lists.dshield.org]
On Behalf Of Faber, Sidney
Sent: Monday, November 21, 2005 10:12 AM
To: list at lists.dshield.org
Subject: [Dshield] IE 0day


Has anyone been able to confirm any info about this IE remote code
execution 0day reported by FrSIRT?  Can anyone recommend a reasonable
defense?

http://www.frsirt.com/exploits/20051121.IEWindow0day.php



One of these IE 0days back in 2004 ushered in the new era of spyware
infestation, I hope it doesn't happen again...

Thanks!
sid


___________________
Sid Faber
Federated Investors
Information Security
sfaber at federatedinv.com
412-288-7427



Communication systems of Federated Investors, Inc. and its affiliates are
for Federated business use only and are the property of Federated.
Federated reserves the right to review all messages on its systems for any
purpose at any time and without any prior notification.  Information on the
systems may be reviewed by supervisors and senior management, provided by
Federated to regulators or law enforcement agencies, or used for other
purposes consistent with Federated's business interests.

The contents of this message may be confidential and legally privileged.  If
you have received this message in error, please notify us immediately by
e-mail at notify at federatedinv.com and then delete this message from your
system.  Please do not copy it or use it for any purposes, or disclose its
contents to any other person.  To do so could violate state and Federal
privacy laws.  Thank you for your cooperation.

_________________________________________
Using .Net? Need to know more about .Net Security?
http://isc.sans.org/banner_count.php?dest=dotnet

_______________________________________________
send all posts to list at lists.dshield.org
To change your subscription options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list








More information about the list mailing list