A French IT security firm is warning of a previously unknown (“zero-day”) vulnerability that affects most versions of Microsoft’s Internet Explorer Web browser. The hole, if exploited, could allow remote attackers to circumvent defensive features in fully patched Windows 7 and Windows Vista and run malicious code on vulnerable systems.
The warning was first issued by Vupen Security on December 9. The company, based in Montpellier, France, said it had discovered a “use-after-free” error in the mshtml.dll library – IE’s HTML rendering engine – that could allow attackers to take complete control of a vulnerable system.
Use-after-free errors happen when a program continues using a pointer to an area of computer memory after that memory has been freed. In some cases, the freed memory can be re-allocated and used to launch attacks, such as buffer overflows, that can result in malicious code being run on a vulnerable system, according to OWASP.
In this case, the flaw could be exploited when IE loaded specially formatted Cascading Style Sheets (CSS) files that included @import rules, which allow Web sites to incorporate style sheets from external sites.
According to a blog post from Offensive Security, exploits for the vulnerability can be used to run malicious code on most supported versions of Windows and Internet Explorer, including Microsoft’s latest release: Internet Explorer 8 running on fully patched versions of Windows 7. The exploit, when combined with other attack techniques, allows attackers to bypass two Windows security features, Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR), that are specifically designed to thwart malicious code. A sample exploit targeted at the vulnerability was added to the Metasploit framework on December 20.
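The use-after-free mechanism described above (a stale pointer that, once the freed block is recycled, aliases whatever object was allocated next) is easier to reason about with a deterministic heap. The following is an added example written for this page; it is not code from the article, from Vupen or from Microsoft, and it has nothing to do with IE's rendering engine. It uses a toy arena allocator with four fixed-size slots (slot size, slot count, the `node_t` layout and the `NODE_LIVE` marker are all choices made for this example) so the reuse happens predictably instead of depending on undefined behaviour of the real C heap. It goes a little beyond the article: the same arena can run in a hardened mode that poisons freed blocks and delays their reuse, the generic strategy hardened allocators use against this bug class.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not code from the article, Vupen or Microsoft.  A toy arena
 * allocator with a handful of fixed-size slots makes heap reuse deterministic,
 * so the use-after-free pattern described above can be shown without relying
 * on undefined behaviour of the real C heap.  Slot size, slot count and the
 * NODE_LIVE marker are choices made for this example. */

#define SLOT_SIZE 32
#define SLOTS 4
enum { SLOT_FREE, SLOT_USED, SLOT_QUARANTINED };

/* The union keeps every slot suitably aligned for the node_t stored in it. */
static union { unsigned char bytes[SLOT_SIZE]; uint64_t align; } arena[SLOTS];
static int slot_state[SLOTS];
static int hardened_mode;   /* 1: poison freed slots and delay their reuse */

static void arena_init(int hardened) {
    memset(arena, 0, sizeof arena);
    for (int i = 0; i < SLOTS; i++) slot_state[i] = SLOT_FREE;
    hardened_mode = hardened;
}

/* First-fit: hand out the lowest slot that is free for reuse. */
static void *arena_alloc(void) {
    for (int i = 0; i < SLOTS; i++) {
        if (slot_state[i] == SLOT_FREE) {
            slot_state[i] = SLOT_USED;
            return arena[i].bytes;
        }
    }
    return NULL;
}

static void arena_free(void *p) {
    for (int i = 0; i < SLOTS; i++) {
        if (p != arena[i].bytes) continue;
        if (hardened_mode) {
            memset(arena[i].bytes, 0, SLOT_SIZE);  /* poison: a stale read sees no valid object */
            slot_state[i] = SLOT_QUARANTINED;      /* delayed reuse: the next allocation lands elsewhere */
        } else {
            slot_state[i] = SLOT_FREE;             /* classic heap: the block is recycled immediately */
        }
    }
}

/* The kind of object a rendering engine keeps pointers to (layout is illustrative). */
#define NODE_LIVE 0x4C495645u  /* "LIVE" */
typedef struct {
    uint32_t magic;                          /* NODE_LIVE while the object is valid */
    char text[SLOT_SIZE - sizeof(uint32_t)];
} node_t;

static node_t *node_new(const char *text) {
    node_t *n = arena_alloc();
    if (n == NULL) return NULL;
    n->magic = NODE_LIVE;
    strncpy(n->text, text, sizeof n->text - 1);
    n->text[sizeof n->text - 1] = '\0';
    return n;
}

/* Checked accessor: only returns text from an object still marked live. */
static const char *node_text(const node_t *n) {
    if (n == NULL || n->magic != NODE_LIVE) return NULL;
    return n->text;
}

/* Models the bug class: one component keeps a raw pointer to a node, another
 * frees it, and a new object of the same size is then allocated.  Returns the
 * text seen through the stale pointer, or NULL when the accessor refused it. */
const char *dangling_read(int hardened) {
    arena_init(hardened);
    node_t *node = node_new("original");
    node_t *stale = node;            /* second reference that is never invalidated */
    arena_free(node);                /* the owner drops the object ... */
    node = NULL;                     /* ... and clears its own pointer, but not 'stale' */
    node_t *replacement = node_new("replaced");
    (void)replacement;
    return node_text(stale);         /* classic heap: "replaced"; hardened heap: NULL */
}

int main(void) {
    const char *classic = dangling_read(0);
    const char *safe = dangling_read(1);
    printf("classic heap : stale pointer reads \"%s\"\n", classic ? classic : "(refused)");
    printf("hardened heap: stale pointer reads %s\n", safe ? safe : "(refused)");
    return 0;
}
```

In classic mode the stale pointer reads "replaced": the recycled block now holds a brand-new, valid-looking object, so a header check alone cannot tell the two apart. That is why the hardened mode does two things rather than one: it poisons the block so the stale read fails the check, and it quarantines the slot so the next allocation cannot land on top of it. Detection in real engines works on the same principle (poisoned or guarded freed memory turns a silent aliasing bug into a crash), which is what makes use-after-free bugs visible under tools such as page-heap or sanitizer builds.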
JL on
< rant warning > < rant warning > < rant warning > < rant warning > < rant warning >
Forgive me if I'm missing the point; I'm no native English speaker. But.
When there is a vulnerability disclosure, we often read COULD, but when it concerns protections like DEP and ASLR we rarely read that it COULD protect against a threat.
Whenever I read a post describing threats with "could" I become suspicious. Isn't this just a load of hype being delivered? What do you mean, COULD? Either it works and is a threat or it does not, or it does/does not in some scenarios.
Attacks are organised events, not something like spontaneous combustion that one has to wait to happen. So not could; it does or it does not within that specific scenario.
Not like this "In this case, the flaw could be exploited when IE loaded specially formated Cascading Style Sheets (CSS) files that included @import rules, which allow Web sites to incorporate style sheets from external sites."
Thank you for your time and consideration.
http://www.englishpage.com/modals/could.html
<rant ends ><rant ends ><rant ends ><rant ends ><rant ends ><rant ends ><rant ends >