Spyware Sucks
“There is no magic fairy dust protecting Macs" – Dai Zovi, author of “The Mac Hacker’s Handbook"

Secunia and FRSIRT announce IE vulnerability – Web View Folder Icon Integer Overflow

September 28th 2006 in Uncategorized

Note: despite all the headlines to the contrary, this is not an IE vulnerability, although IE is an exploit vector – it is a vulnerability in the Windows Shell.

Edit: MS Security Advisory here – patch due by October 10
http://www.microsoft.com/technet/security/advisory/926043.mspx 

Secunia and FRSIRT have released information about a new IE vulnerability:
http://secunia.com/advisories/22159/
http://www.frsirt.com/english/advisories/2006/2882

My tests indicate that not only does the demonstration page crash Internet Explorer 7 on Windows XP if you allow the activex control to download and run, it also kills FrontPage until you reboot…. I must have spent half an hour trying to "fix" FrontPage until it occurred to me that the crash I was seeing, and the exploit, both affected the same functionality – Web Folders.

Note, the demonstration page does not work in IE7 on Vista even with Protected Mode turned off – the "Start Demo" button does not respond.

The error in FrontPage that I experienced after crashing IE7 using the exploit was "Cannot find stsnwi.dll" when trying to publish updates.

My skills are not sufficient to be able to tell you if the IE crash is sufficient to allow an exploit, or if it simply crashes IE.  Somebody way smarter than me will need to study that. If I find out, I'll let you know.


One comment to...
“Secunia and FRSIRT announce IE vulnerability – Web View Folder Icon Integer Overflow”

Sonic
wrote on September 28th, 2006      

I am using Internet Explorer RC1 in Windows XP Service Pack 2. I have tested the demonstration page. My IE did not crash. ActiveX Opt-in feature of IE7 disable the ActiveX from running at first. I did not let it to run then. I wonder if ActiveX Opt-in feautre in your IE 7 is available.

Sandi says: As you'll see from my clarified post I had to download the activex and permit it to run before IE would crash.  Also, IE is the exploit vector, it is not vulnerable per se.  See my later blog post (just goes to show, sometimes you can't even trust Secunia or FRSIRT to get their terminology right).


3sharp, a Redmond based technical services company, has been commissioned by Microsoft to undertake a competitive study of various anti-phishing technologies.  The results of that study were released just minutes ago.The IE team comment on the study:http://blogs.msdn.com/ie/archive/2006/09/28/774513.aspx Before we proceed, I will say, right at the outset, that the only safe antiphishing technology is one that […]

Previous Entry

Despite all the headlines to the contrary, this is not an IE vulnerability, although IE is an exploit vector – it is a vulnerability in the Windows Shell – a subtle but important distinction (it just goes to show – always doublecheck what is being said, no matter who the source is – sorry Tony)  [:(] MS Security Advisory here – patch due by […]

Next Entry

Archives