Alert - Microsoft Security Advisory (917077) Released

[Dr.Melzer 191]

Frisch eingetroffen:

 

 

This email is to notify you that on March 23rd, 2006 Microsoft released Security Advisory (917077) - Vulnerability in the way HTML Objects Handle Unexpected Method Calls Could Allow Remote Code Execution.

 

Purpose of Advisory 917077:

 

Advisory 917077 discusses public reports of a vulnerability in Internet Explorer. The advisory provides an overview of the issue, details on affected components, workarounds, suggested actions, frequently asked questions (FAQ) and links to additional resources.

 

Overview of the issue:

 

When Internet Explorer displays a Web page that contains certain unexpected method calls to HTML objects, system memory may be corrupted in such a way that an attacker could execute arbitrary code. A Web page specially crafted to attempt to exploit this vulnerability will cause Internet Explorer to fail and as a result of this system memory may be corrupted in such a way that an attacker could execute arbitrary code.

 

Status of the exploit:

 

Microsoft has seen examples of proof of concept code but we are not aware of attacks that try to use the reported vulnerability at this time.

 

Mitigating factors:

 

· In a Web-based attack scenario, an attacker would have to host a Web site that contains a Web page that is used to exploit this vulnerability. An attacker would have no way to force users to visit a malicious Web site. Instead, an attacker would have to persuade them to visit the Web site, typically by getting them to click a link that takes them to the attacker's Web site. It could also be possible to display specially crafted Web content by using banner advertisements or by using other methods to deliver Web content to affected systems.

 

· In an e-mail based attack of this exploit, customers who use Outlook, Outlook Express, or another e-mail reader that does not allow script in e-mail messages would have to click a link that takes them to a malicious Web site or open an attachment that could exploit the vulnerability.

 

· An attacker who successfully exploited this vulnerability could gain the same user rights as the local user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.

 

Workarounds:

 

Microsoft has tested the following workarounds. While these workarounds will not correct the underlying vulnerability, they help block known attack vectors. Note that these workarounds may impact functionality. Specific steps for each workaround and possible impacts such as reduced functionality are detailed in Security Advisory (917077).

 

1. Configure Internet Explorer to prompt before running Active Scripting or disable Active Scripting in the Internet and Local intranet security zone.

 

2. Set Internet and Local intranet security zone settings to "High" to prompt before running ActiveX Controls and Active Scripting in these zones.

 

Q: Is there an update that addresses this issue?

 

A: Not at this time. Upon completion of the ongoing investigation, Microsoft will take the appropriate action to help protect our customers. This will include providing a security update through our monthly release process or providing an out-of-cycle security update, depending on customer needs.

 

Recommendations:

 

* Review the Security Advisory (917077) for an overview of the issue, details on affected components, workarounds, suggested actions, frequently asked questions (FAQ) and links to additional resources.

 

http://www.microsoft.com/technet/security/advisory/917077.mspx

 

If you have any questions regarding this alert please contact your Technical Account Manager or Application Development Consultant.

 

Thank you,

Microsoft PSS Security Team