New IE graphics vulnerability ( Archived) (10)

Cited from FRSIRT - parts excluded due to forum rules (namely other reference URLs)

...

Advisory ID : FrSIRT/ADV-2006-3679
CVE ID : CVE-2006-3866
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-09-19

Technical Description

A vulnerability has been identified in Microsoft Internet Explorer, which could be exploited by remote attackers to crash a vulnerable browser or take complete control of an affected system. This flaw is due to a buffer overflow error in the Microsoft Vector Graphics Rendering library (Vgx.dll) when processing Vector Markup Language (VML) documents containing a "rect" shape with an overly long "fill" method, which could be exploited by attackers to cause a denial of service or execute arbitrary commands by convincing a user to visit a malicious Web page.

FrSIRT has confirmed this vulnerability on a fully patched Windows XP SP2 system. This issue is currently being exploited in the wild by malicious web sites.

Affected Products

Microsoft Internet Explorer 5.01 Service Pack 4 on Microsoft Windows 2000 Service Pack 4
Microsoft Internet Explorer 6 Service Pack 1 on Microsoft Windows 2000 Service Pack 4
Microsoft Internet Explorer 6 Service Pack 1 on Microsoft Windows XP Service Pack 1
Microsoft Internet Explorer 6 for Microsoft Windows XP Service Pack 2
Microsoft Internet Explorer 6 for Microsoft Windows Server 2003
Microsoft Internet Explorer 6 for Microsoft Windows Server 2003 Service Pack 1
Microsoft Internet Explorer 6 for Microsoft Windows Server 2003 (Itanium)
Microsoft Internet Explorer 6 for Microsoft Windows Server 2003 with SP1 (Itanium)
Microsoft Internet Explorer 6 for Microsoft Windows Server 2003 x64 Edition
Microsoft Internet Explorer 6 for Microsoft Windows XP Professional x64 Edition
Microsoft Internet Explorer 6 Service Pack 1 on Microsoft Windows 98
Microsoft Internet Explorer 6 Service Pack 1 on Microsoft Windows 98 SE
Microsoft Internet Explorer 6 Service Pack 1 on Microsoft Windows Millennium Edition

Solution

The FrSIRT is not aware of any official supplied patch for this issue.

Disable Active Scripting in the Internet and Local intranet security zones :

- In Internet Explorer, click Internet Options on the Tools menu
- Click the Security tab
- Click Internet, and then click Custom Level
- Under Settings, in the Scripting section, under Active Scripting, click Disable, and then click OK
- Click Local intranet, and then click Custom Level
- Under Settings, in the Scripting section, under Active Scripting, click Disable, and then click OK
- If you are prompted to confirm that you want to change these settings, click Yes
- Click OK to return to Internet Explorer

Note : Disabling Active Scripting may cause some Web sites to work incorrectly.

Given the choices above what would you do Prof?

ahem. switch to mozilla firefox.

I would never use IE, and use Firefox. It's faster, more stable, and is patched/modified all the time by people who care about it - not people who want to make $ off of it like Microsoft does.

Firefox > IE

I'm in the process of starting a project that J mentioned to me a bit ago - I'm working on writing a browser in DarkBasic which won't have any issues that IE does due to it being based on a completely different graphics set, and isn't recycled code.

i don't see ie7 listed, however...

This isn't the one I mentioned in the other thread - this is another vulnerability that surfaced today.

thanks.

I've told people for years not to use IE. Every other week someone finds a glitch in it to cause problems and exploit your PC. I upgraded to IE7 just in case, but I don't even use it.

Firefox and Opera, and I'm sure other browsers, are totally free. Plus they upgrade often.

You got that right....tis why I swithched over to firefox.