Just when you thought it was safe again

December 16, 2008


Forget about it.  Events like this and other zero-days will forever put data at risk.  Of course I'm talking about the new 0-day vulnerability that promises to pwn systems the world over, unless you use another browser such as the excellent Firefox and wind up getting pwned by some other exploit.  These are called drive-bys but don't leave your physical body red and bloody, just your bank account and identity and your sense of personal well-being and place in this world.  At least there are some that can rapidly respond with intelligence and sympathy.  I'm speaking about the excellent analysis that is available from the researchers at Websense and other organizations who consistently provide the detail for enlightened understanding.

[Image: heap_spray]

Here is what they have come up with… on… DruUUUm roll please…  The IE7 0-day!  It exploits a library function in IE's XML handling using obfuscated JavaScript, delivered by still more SQL injection attacks.  The actual shellcode is pretty awesome and can pwn Vista as well, thanks to the evolution of exploits using heap spray techniques instead of the typical, and rapidly becoming extinct, stack-based buffer overflows.  From this point it can deliver any manner of malware to a host system, as seen here and here.
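As an added example (not from the original post), here is a defender-side check for the delivery chain described above: scanning a site's own pages for a script tag injected through SQL injection and for the obfuscated inline loader that comes with it. The allowlist, hostnames and sample page are constructed placeholders.

```python
import re

# Constructed allowlist: script hosts this site legitimately loads from.
ALLOWED_SCRIPT_HOSTS = {"cdn.example-site.test"}

SCRIPT_SRC = re.compile(r"<script[^>]*\bsrc\s*=\s*[\"']([^\"']+)[\"']", re.I)
INLINE_SCRIPT = re.compile(r"<script(?![^>]*\bsrc)[^>]*>(.*?)</script>", re.I | re.S)
HOST = re.compile(r"^(?:https?:)?//([^/:?#]+)", re.I)
UNICODE_ESCAPE = re.compile(r"%u[0-9a-fA-F]{4}")


def scan_page(html, allowed_hosts=ALLOWED_SCRIPT_HOSTS, min_escapes=8):
    """Return (indicator, detail) findings for one HTML document.

    Two indicators cover the chain the post describes: a <script src>
    pulling from a host the site does not use (the injected tag), and an
    inline script feeding many %uXXXX escapes to unescape() (the
    obfuscated loader). Ordinary pages rarely contain either.
    """
    findings = []
    for src in SCRIPT_SRC.findall(html):
        m = HOST.match(src.strip())
        host = m.group(1).lower() if m else None
        if host and host not in allowed_hosts:
            findings.append(("external_script_unknown_host", host))
    for body in INLINE_SCRIPT.findall(html):
        n = len(UNICODE_ESCAPE.findall(body))
        if "unescape(" in body and n >= min_escapes:
            findings.append(("obfuscated_inline_script", f"{n} %u escapes"))
    return findings


# Constructed sample: one legitimate script, one injected external tag and
# one obfuscated inline block. Hostnames are placeholders, not real IoCs.
SAMPLE_PAGE = """<html><head>
<script src="//cdn.example-site.test/app.js"></script>
<script>var s = unescape("%u0041%u0042%u0043%u0044%u0045%u0046%u0047%u0048%u0049");</script>
</head><body><p>Hello</p>
<script src="http://injected-host.invalid/x.js"></script>
</body></html>"""

if __name__ == "__main__":
    for indicator, detail in scan_page(SAMPLE_PAGE):
        print(indicator, detail)
```

Run it over a dump of your own pages or database-stored HTML; a hit on the first indicator is the quickest way to confirm whether a site has been mass-injected.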

Heh, I just confirmed that one of our clients got exploited on the 11th/12th, which means that it's pretty prevalent.  That was like 4 days ago!

Milw0rm has already posted the exploit code PoC, so it's only a matter of time till mass chaos.  At this point Microsoft doesn't have a patch yet.  And Metasploit has already added a universal exploit for it to the excellent engine of mass destruction.

On another note, peeps should be using the Microsoft Malicious Software Removal Tool (MSRT), as it removes a ton of malware from their systems monthly.  You can read up on the malware it removes here, which gives pretty good descriptions of the nastiness out there today.
