[Dshield] IE 0day

Paul Marsh pmarsh at nmefdn.org
Wed Nov 23 15:09:13 GMT 2005


It might be the lack of sleep or because it's T-Day eve here in the US
but the following line is great, you should copy right
it................

 "I'm sorry, that section of my brain appears to be write-protected."



-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org] On Behalf Of mjost
Sent: Wednesday, November 23, 2005 9:06 AM
To: 'General DShield Discussion List'
Subject: Re: [Dshield] IE 0day


This patch after further checking does not correct this issue; it is a
hidden add-on patch fix, which when I performed the proof of concept,
crashed IE, Microsoft's Crash Analysis recommended this patch. The popup
continues, i.e. there in lies the problem.



"I'm sorry, that section of my brain appears to be write-protected."



-----Original Message-----
From: mjost [mailto:mjost at cox.net]
Sent: Tuesday, November 22, 2005 8:10 AM
To: 'General DShield Discussion List'
Subject: Re: [Dshield] IE 0day

Microsoft has a fix at
http://support.microsoft.com/?scid=kb;en-us;888240

That patches this issue of add on's.

-----Original Message-----
From: David Taylor [mailto:ltr at isc.upenn.edu]
Sent: Monday, November 21, 2005 9:27 AM
To: 'General DShield Discussion List'
Subject: Re: [Dshield] IE 0day

I haven't tested it but there is more information on the discoverer's
site.

http://www.computerterrorism.com/research/ie/ct21-11-2005

4. TEMPORARY SOLUTION

Until a patch is developed, users are advised to disable active
scripting for non-trusted sites.


==================================================
David Taylor //Sr. Information Security Specialist University of
Pennsylvania Information Security Philadelphia PA USA
(215) 898-1236
http://www.upenn.edu/computing/security/
==================================================

SANS - The Twenty Most Critical Internet Security Vulnerabilities
http://www.sans.org/top20/

SANS - Internet Storm Center
http://isc.sans.org

irc.freenode.net #dshielders
http://freenode.net/



-----Original Message-----
From: list-bounces at lists.dshield.org
[mailto:list-bounces at lists.dshield.org]
On Behalf Of Faber, Sidney
Sent: Monday, November 21, 2005 10:12 AM
To: list at lists.dshield.org
Subject: [Dshield] IE 0day


Has anyone been able to confirm any info about this IE remote code
execution 0day reported by FrSIRT?  Can anyone recommend a reasonable
defense?

http://www.frsirt.com/exploits/20051121.IEWindow0day.php



One of these IE 0days back in 2004 ushered in the new era of spyware
infestation, I hope it doesn't happen again...

Thanks!
sid


___________________
Sid Faber
Federated Investors
Information Security
sfaber at federatedinv.com
412-288-7427



Communication systems of Federated Investors, Inc. and its affiliates
are for Federated business use only and are the property of Federated.
Federated reserves the right to review all messages on its systems for
any purpose at any time and without any prior notification.  Information
on the systems may be reviewed by supervisors and senior management,
provided by Federated to regulators or law enforcement agencies, or used
for other purposes consistent with Federated's business interests.

The contents of this message may be confidential and legally privileged.
If you have received this message in error, please notify us immediately
by e-mail at notify at federatedinv.com and then delete this message from
your system.  Please do not copy it or use it for any purposes, or
disclose its contents to any other person.  To do so could violate state
and Federal privacy laws.  Thank you for your cooperation.

_________________________________________
Using .Net? Need to know more about .Net Security?
http://isc.sans.org/banner_count.php?dest=dotnet

_______________________________________________
send all posts to list at lists.dshield.org To change your subscription
options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list






_________________________________________
Using .Net? Need to know more about .Net Security?
http://isc.sans.org/banner_count.php?dest=dotnet

_______________________________________________
send all posts to list at lists.dshield.org To change your subscription
options (or unsubscribe), see:
http://www.dshield.org/mailman/listinfo/list



The information in this transmittal (including attachments, if any) is privileged and confidential and is intended only for the recipient(s) listed above. Any review, use, disclosure, distribution or copying of this transmittal is prohibited except by or on behalf of the intended recipient. If you have received this transmittal in error, please notify me immediately by reply email and destroy all copies of the transmittal. Thank you.



More information about the list mailing list