11-13-2006, 05:23 PM
Symantec
New Out-of-Band Advisory from Microsoft: Proof-of-Concept Exploit Available

Update: On September 30, 2006, Symantec Security Response received reports that the WebViewFolderIcon ActiveX control vulnerability is being actively exploited in the wild.

Shortly following the out-of-band patch for the VML vulnerability earlier this week, Microsoft is releasing yet another out-of-band advisory. The latest advisory, released today (September 29, 2006), addresses an ActiveX vulnerability in Microsoft Windows.

The vulnerability is a buffer overflow in the Microsoft WebViewFolderIcon ActiveX control, which, if successfully exploited, will allow an attacker to perform remote code execution on the victim machine. Failed attempts would likely result in browser crashes. Proof-of-concept exploit code is available publicly.

In order to carry out an attack, the attacker would need to employ some form of social engineering (such as emails, instant messages, or banner ads) and try to convince potential victims to click on links that would lead them to malicious Web sites that contain crafted exploits against the vulnerability. Upon arriving at the malicious site, the victim's browser (Internet Explorer) would then process the WebViewFolderIcon object, thereby triggering the vulnerability and allowing the exploit to be executed.

Currently, there is no patch available for the WebViewFolderIcon ActiveX control vulnerability. However, according to Microsoft's advisory, the company anticipates having a patch available on October 10, 2006.

In response to this vulnerability, Symantec has released new antivirus (AV) and intrusion prevention (IPS) security updates to proactively protect customers against possible exploit attempts against this vulnerability. Users are advised to ensure they have the latest security updates installed; this will help them mitigate the vulnerability until a patch is available from Microsoft. Additionally, Symantec is advising that users should avoid clicking on links from unknown or untrusted sources, as well as disable the execution of script code or active content in their IE browsers.

http://www.symantec.com/enterprise/security_response/weblog/2006/09/another_outofband_patch_from_m.html
Fri, 29 Sep 2006 12:57:33 -0800