Published on RioSec (http://riosec.com)

Home > Internet Explorer 0-day Javascript exploit

Internet Explorer 0-day Javascript exploit

By Christopher
Created 2005-11-21 17:07

SANS InfoCon [1] has been raised to yellow today and for good reason; A  security researcher working for the UK company Computer Terrorism has published a 0-day remote code execution PoC [2] exploit.  This uses an older [3] vulnerability in Internet Explorer versions 5.5 and 6.0 thought to cause a DoS only.  More information is available in the FrSIRT advisory [3].  Currently the only available countermeasures that I am aware of are:

  1. Disable all "active content" (i.e. Javascript and VBScript) in untrusted security zones
  2. Use another web browser [4], at least for the time being (you might not want to switch back)
  3. Detect or Block based on signature (there's a Bleeding-edge Snort [5] signature available here [6])

Be careful out there.

Except where otherwise noted, site content is licensed under a Creative Commons Attribution 2.5 License
Source URL: http://riosec.com/ie-javascript-0day

Links:
[1] http://isc.sans.org
[2] http://www.computerterrorism.com/research/ie/ct21-11-2005
[3] http://www.frsirt.com/english/advisories/2005/2509
[4] http://www.mozilla.org/products/firefox/
[5] http://www.bleedingsnort.com/
[6] http://www.bleedingsnort.com/cgi-bin/viewcvs.cgi/sigs/CURRENT_EVENTS/CURRENT_Internet_Explorer?view=markup