Thursday, March 29, 2007 3:34 PM
cmosby
McAfee Avert Labs Blog - Unpatched Drive-By Exploit Found On The Web
Unpatched Drive-By Exploit Found On The Web
Wednesday March 28, 2007 at 4:44 pm CST
Posted by Craig Schmugar
Trackback
Several of my posts over the last few months have centered around very targeted zero-day attacks. This post covers an exploit that McAfee researchers discovered in the field, posted to a message board. That posting was simply a proof of concept; however McAfee Avert Labs has since received a malicious sample as well. It is quite likely that similar exploits targeting this vulnerability are currently being used in other attacks on the web.
Preliminary tests demonstrate that Internet Explorer 6 and 7 running on a fully patched Windows XP SP2 are vulnerable to this attack. Windows XP SP0 and SP1 do not appear to be vulnerable, nor does Firefox 2.0. Exploitation happens completely silently.
The vulnerability lies in the handling of malformed ANI files. Known exploits download and execute arbitrary exe files. This vulnerability is reminiscent of MS05-002.
More information will be posted as it becomes available.
Update March 29 @ Noon
Additional information has been posted here:
http://www.avertlabs.com/research/blog/?p=233
Source: Computer Security Research - McAfee Avert Labs Blog
Filed under: Security and Anti-Virus, Patch Management, Microsoft Windows, AntiVirus Information, Internet Hacks