Exploit now publicly available for unpatched IE flaw
'Its just a matter of time before (it) gets turned into a virus or a worm,' says one security expert
Computerworld - An exploit has become publicly available for a newly disclosed critical -- and as yet unpatched -- vulnerability in Microsoft Corp.s Internet Explorer Web browser (see "IE worries continue with critical bug").
The exploit, which has been posted on several Internet sites, gives even relatively novice hackers an easy way to take advantage of a flaw in the way IE processes information using the createTextRange () method, according to Secure Elements Inc., a Herndon, Va.-based security firm.
Its just a matter of time before the exploit gets turned into a virus or a worm capable of creating considerable damage on unprotected systems, said Scott Carpenter, director of security labs at Secure Elements.
"The most probable vector for this worm will be in the form of an e-mail with malicious links that will tempt users into clicking on a link that takes them to a Web site from which malicious code can be downloaded, he said.
According to Carpenter, the exploit code was originally released by a hacker group known as Unl0ck.net and has since been published on various sites.
The public availability of that exploit code prompted the SANS Internet Storm Center to raise its alert level to Yellow from the normal Green for the next 24 hours.
The flaw in question was disclosed earlier this week and relates to the manner in which IE responds when presented with specially crafted HTML code. The flaw allows hackers to present data that would corrupt system memory in a way that could allow the attacker to execute arbitrary code, according to a Microsoft description of the flaw.
The vulnerability exists on fully patched systems with IE 6.0 running Microsoft Windows XP service Pack 2. The vulnerability has also been confirmed in the IE 7 Beta 2 Preview (January edition).
This vulnerability could allow an attacker to execute arbitrary code on the user's system in the security context of the logged-on user, Microsoft said.
As a result, systems that are configured to give users limited access rights will be less affected, while those that have full administrative privileges could find their systems completely under the control of a remote attacker, Carpenter said.
Despite the potentially critical nature of the vulnerability, there are several mitigating factors, according to Microsoft. An attacker would have to first convince users to visit a malicious Web site for the vulnerability to be exploited, and the flaw can't be exploited automatically through e-mail or while viewing e-mail through the preview pane. Microsoft has also suggested turning off the Active Scripting function in IE as a way to prevent the exploit from working.
A Microsoft spokesman said that the company has seen a sample of proof-of-concept code but was not aware of any actually attacks or customers being affected.
Read more about Malware and Vulnerabilities in Computerworld's Malware and Vulnerabilities Topic Center.



- Excel 2010 Cheat Sheet
- Register for this Computerworld Insider Cheat Sheet and gain access to hundreds of premium content articles, guides, product reviews and more.
- Reducing the Cost and Complexity of Web Vulnerability Management
- Hackers and cybercriminals are constantly refining their attacks and targets; which means you need agile tools to stay ahead of them.
Download this... - Overcome Top 7 Admin Challenges of Active Directory
- As Active Directory's role in the enterprise has drastically increased, so has the need to secure the data. Gain insight on creating repeatable,...
- Insiders Can Ruin Your Company. Take Action.
- Did you know that 80 percent of threats to an organization come from the inside? The threat from insiders is often overlooked in...
- Top Solutions and Tools to Prevent Devastating Malware
- Custom malware frequently goes undetected. According to Forrester Research, the best way to reduce risk of breach is to deploy file integrity monitoring...
- Streamline Compliance and Increase ROI
- Streamline, simplify, and automate compliance related activities; especially those that impact multiple business units. This white paper from NetIQ, outlines solutions that will... All Malware and Vulnerabilities White Papers
- Optimizing Networks for the Cloud
- Join guest speaker, Rohit Mehra, IDC Director of Enterprise Communications Infrastructure, to explore current trends, discuss best practices for optimizing Data Center and...
- Apps QuickStart Series Part 2: Designing and Deploying SQL Server on VMware vSphere
- Download this webcast to learn about the design considerations for virtualizing SQL workloads, performance and scalability information and high-availability options, as well as...
- Apps QuickStart Series Part 1: Designing and Deploying Exchange 2010 on VMware vSphere
- Download this webcast to learn the virtual hardware design considerations for Exchange 2010, deployment using the building block approach, options for high-availability and...
- Customer Spotlight: How IPC The Hospitalist Company Implemented Oracle on VMware
- Have you been looking to hear about customer's experiences with the new VMware vCenter Site Recovery Manager product? View this webcast to learn...
- Virtualize Business-Critical Applications with Confidence
- Virtualizing business-critical applications has become a key focus for organizations as they move along their virtualization journey. With the launch of VMware vSphere®... All Malware and Vulnerabilities Webcasts