Patch/Configuration Management, Vulnerability Management

Hack code published for Internet Explorer vulnerability

Hackers have published code for a newly discovered flaw in Microsoft's Internet Explorer (IE), which can allow an attacker to execute malicious code on an affected machine.

The exploit can infect a PC after convincing users to visit a malicious website, according to Microsoft.

"Microsoft is aware of proof-of-concept code published publicly, but is not aware of any attacks attempting to use the reported vulnerability or of customer impact at this time," said a Microsoft spokesman. "We will continue to investigate these public reports."

The flaw is located in Microsoft DirectAnimation Path ActiveX control, a part of Daxctle.ocx.

The exploit was first published by hackers on the XSec website.

Microsoft released a security advisory on the flaw this week, warning users that a hacker would have to use social engineering to lure them to a malicious site.

Once a hacker infects a PC, he or she could then gain the same user rights as a local user

Versions of IE on Windows 2000 Service Pack 4, XP Service Pack 1 and on XP Service Pack 2 are affected by this flaw, according to the advisory.

Secunia qualified the flaw as "extremely critical," advising users to only allow trusted websites to run ActiveX controls.

Dave Cole, director of Symantec Security Response, told SCMagazine.com today that this flaw is not as serious for end users as the Windows metafile (WMF) flaw that threatened users late last year.

"It's not quite as bad. With WMF you needed exploit code. This one is, in terms of impact, more like the CreateTextRange flaw we saw earlier this year. It's now WMF, but it is critical, sure," he said. "Now is not the time to go our and try to find cracks and wares and go to the bad parts of the internet. It's not a bad time to disable active scripting. There are ways of defending yourself on this one. Be careful where you point your browser, go to trusted sites."

Symantec researchers posting on the Security Response Center blog said that their company is releasing intrusion prevention signatures for the issue and advising customers to have the latest updates installed.

"Upon further analysis, we have determined that the vulnerability is, in fact, a bigger overflow related to how IE tries to instantiate a certain DirectionAnimation COM object as an ActiveX control. At this point, we believe that successful exploitation of this vulnerability may allow an attacker to execute remote code on the compromised system," Symantec researcher Vince Hwang wrote.

Click here to email Frank Washkuch Jr.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.