Vulnerabilities Discovered in Internet Explorer



11/22/2009



Kevin R. Smith
Co-Editor


In a recent post to its security blog, Symantec, maker of Norton antivirus, revealed that a new exploit targeting Internet Explorer was published to the BugTraq mailing list yesterday. Symantec has conducted further tests and confirmed that it affects Internet Explorer versions 6 and 7 as well.

The announcement of the Internet Explorer exploit was surprising to many because of how it targets Cascading Style Sheets, something that hasn't typically been used in these types of attacks.

The exploit gained notoriety when a security researcher published code that could allow an attacker to take over an unsuspecting user's Internet Explorer and install code on the person's computer, and then when Symantec took notice and began doing research of its own.

There has always been--and likely always will be--a large degree of controversy around so-called "full-disclosure" security like this. One group of people believes that it's most responsible for the researchers to first notify the manufacturers about the vulnerability so that things can be kept quiet until patches are ready.

The other group believes that it's most responsible for the researchers to first notify the community about the vulnerability so that users can take steps to protect themselves against attack.

The debate is that, on one hand, if you disclose only to the manufacturers and don't notify the community, there could very well be active exploits in the world that other hackers are already using. So, if you don't notify the community, you're being irresponsible by holding back information that may help users protect themselves.

In contrast, if you don't first notify the manufacturers and immediately post the exploit, you're allowing hackers to get information on how to take over your computer without giving any chance for the manufacturers to develop patches.

There are definitely valid points on both sides of the debate. Regardless, in this case the exploit was released to the community first and not to the manufacturer, Microsoft, so there's a new attack on Internet Explorer for which there's no patch available yet.

The good news is that it appears that the best antivirus software is already able to protect against this exploit. Symantec, for instance, says on its Security Blog:

"Symantec currently detects the exploit with the Bloodhound.Exploit.129 antivirus signature and is working on new signatures now.

"Symantec IPS protection also currently detects this exploit with signatures HTTP Microsoft IE Generic Heap Spray BO and HTTP Malicious Javascript Heap Spray BO.

"A new IPS signature, HTTP IE Style Heap Spray BO, has also been created for this specific exploit.

"To minimize the chances of being affected by this issue, Internet Explorer users should ensure their antivirus definitions are up to date, disable JavaScript and only visit Web sites they trust until fixes are available from Microsoft." [emphasis ours]

As of the writing of this post, there's still no patch; however, by following the steps recommended by Symantec, users should be reasonably well protected against this exploit.
