IE flaw bypasses fully patched systems
Users of Microsoft's Internet Explorer (IE) browser were warned today of new exploits that affect even fully patched systems.
A buffer overflow flaw exists in IE's Vector Markup Language, a component of Extensible Markup Language that specifies vector images in a XML document for display.
"This new zero-day attack is trivial to reproduce and has great potential for widespread web-based attacks in the near future," he said.
Dunham told SCMagazine.com that the exploit is related to the WebAttacker Framework toolkit that Russian hackers have sold online.
"This attack toolkit contains multiple exploits for both IE and (Mozilla) Firefox and is used to launch many types of codes," he said. "This greatly increases the likelihood of prevalence for this new vulnerability added to the WebAttacker toolkit suite of exploits."
A Microsoft spokesperson said today that the Redmond, Wash., company is aware of the exploit and preparing a fix for its Oct. 10 Patch Tuesday release, or sooner if the situation warrants.
Microsoft released an advisory on the vulnerability today.
The software giant encouraged PC users to keep anti-virus software up to date and scan for malware.
Earlier this month, hackers published proof-of-concept code for a newly discovered IE flaw, which can allow an attacker to execute malicious code on an affected machine.
Eric Sites, vice president of research and development for Sunbelt Software, told SCMagazine.com that the malware is "pretty dangerous because it blows by any patched Windows IE version."
"We think this is a new version of the WebAttacker kit. We're not sure if someone just took the kit and modified it to fit the exploit, or if someone is selling a new version of the kit," he said.
Microsoft released only three fixes in this month's Patch Tuesday distribution, with only one of the fixes deemed "critical."
"This has been posted to multiple sites. The sites that are hosting this malicious material are the sites that have been created with the sole purpose of distributing malicious content," he said. "Some of the sites also host multiple variations of this exploit."
ISS said in an advisory today that that an attacker may craft a malicious HTML document onto a website to trick the user into loading the malware onto his or her browser.
Click here to email Frank Washkuch Jr.