CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
December 14th, 2008

Internet Explorer 7 Zero-day Vulnerability Expands To Versions 5.01, 6, And 8

Researchers are warning that the unpatched security vulnerability in Microsoft’s Internet Explorer affects more versions of the browser than previously thought. The attack surface for password-stealing Trojans currently targeting an unpatched flaw in Internet Explorer has expanded to include all versions of the browser, including the newest IE 8 Beta 2.

Microsoft’s updated advisory says that the bug has been actively exploited since Tuesday and that versions 5.01, 6, and 8 of the Internet Explorer browser are affected. A previous warning from Microsoft said only that IE 7 was susceptible to the attacks. Microsoft also says IE is susceptible when running on all supported versions of the Windows operating system.

Vista users with User Account Control enabled are also unprotected. Microsoft and others have suggested that those who must use IE in the next few weeks set the security level to High for the Internet security zone or disable Active Scripting. These are sensible measures, but they don’t guarantee full protection, according to the Secunia blog. The exploit could work on Vista SP1 with Internet Explorer 7.0.6001.18000, Vista SP0 with Internet Explorer 7.0.6000.16386, and also on Windows XP SP3 with Internet Explorer 7.0.5730.13.

Secunia goes on to revise what it says is the cause of the vulnerability. Earlier reports pinned the blame on the way IE handles certain types of data in the Extensible Markup Language (XML) format; according to Secunia, the true cause is faulty data binding, which means exploit code need not use XML at all.

Microsoft has yet to say whether it plans to issue a fix ahead of next month’s scheduled patch release. Microsoft released the updated advisory to warn that the underlying flaw affects much more than IE 7 and to spread the word about additional workarounds that can help limit the damage from actual attacks.

To protect yourself, Zero Day blog suggests the following workaround:

Set Internet and Local intranet security zone settings to “High” to prompt before running ActiveX Controls and Active Scripting in these zones:

1. On the Internet Explorer Tools menu, click Internet Options.
2. In the Internet Options dialog box, click the Security tab, and then click the Internet icon.
3. Under Security level for this zone, move the slider to High. This sets the security level for all Web sites you visit to High. If no slider is visible, click Default Level, and then move the slider to High.

Configure Internet Explorer to prompt before running Active Scripting or to disable Active Scripting in the Internet and Local intranet security zone:

1. In Internet Explorer, click Internet Options on the Tools menu.
2. Click the Security tab.
3. Click Internet, and then click Custom Level.
4. Under Settings, in the Scripting section, under Active Scripting, click Prompt or Disable, and then click OK.
5. Click Local intranet, and then click Custom Level.
6. Under Settings, in the Scripting section, under Active Scripting, click Prompt or Disable, and then click OK.
7. Click OK two times to return to Internet Explorer.

Enable DEP for Internet Explorer 7

1. In Internet Explorer, click Tools, click Internet Options, and then click Advanced.
2. Click Enable memory protection to help mitigate online attacks.

(Some browser extensions may not be compatible with DEP and may exit unexpectedly. If this occurs, you can disable the add-on, or revert the DEP setting using the Internet Control Panel. This is also accessible using the System Control panel).
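The following PowerShell script is an added example, not code from the article, Zero Day blog or Microsoft. It audits whether the zone and DEP workarounds described above are in place for the current user, reading the documented Internet Explorer zone registry layout (zone 1 = Local intranet, zone 3 = Internet, value 1400 = Active Scripting, value 1200 = Run ActiveX controls); the mapping of the DEP checkbox to the DEPOff value is an assumption.

```powershell
# Added example: audit the IE workaround described in the article for the current user.
# Registry paths below are assumptions based on the documented IE zone layout, not values from the article.
$zoneRoot  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones'
$zones     = @{ 1 = 'Local intranet'; 3 = 'Internet' }
$highLevel = 0x12000   # CurrentLevel written when the slider is at "High"

function Get-ZoneSetting {
    # Returns a single registry value, or $null when the value does not exist.
    param([string]$Path, [string]$Name)
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

foreach ($id in ($zones.Keys | Sort-Object)) {
    $path    = Join-Path $zoneRoot $id
    $level   = Get-ZoneSetting $path 'CurrentLevel'
    $script  = Get-ZoneSetting $path '1400'   # Active Scripting: 0 = Enable, 1 = Prompt, 3 = Disable
    $activex = Get-ZoneSetting $path '1200'   # Run ActiveX controls and plug-ins: same encoding

    # The workaround is satisfied either by the "High" preset or by prompting/disabling
    # both Active Scripting and ActiveX via Custom Level.
    $levelOk   = ($level -eq $highLevel)
    $scriptOk  = ($script -eq 1 -or $script -eq 3)
    $activexOk = ($activex -eq 1 -or $activex -eq 3)
    $status    = if ($levelOk -or ($scriptOk -and $activexOk)) { 'mitigated' } else { 'NOT mitigated' }

    '{0,-15} level=0x{1:X} activeScripting={2} activeX={3} -> {4}' -f `
        $zones[$id], $level, $script, $activex, $status
}

# "Enable memory protection to help mitigate online attacks" (DEP for IE):
# assumed to be stored as DEPOff = 0 under the IE Main key.
$depOff = Get-ZoneSetting 'HKCU:\Software\Microsoft\Internet Explorer\Main' 'DEPOff'
$depStatus = if ($null -eq $depOff) { 'not set (IE default applies)' }
             elseif ($depOff -eq 0) { 'enabled' } else { 'disabled' }
"DEP for Internet Explorer: $depStatus"
```

If the Security_HKLM_only policy is in force, the effective zone values live under HKLM rather than HKCU, so the script should be pointed there instead.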

Microsoft’s latest advisory also includes technical instructions on how to use an ACL to disable OLEDB32.DLL, how to unregister OLEDB32.DLL, and how to disable Data Binding support in Internet Explorer 8.

IE users should bear in mind that there’s a growing list of malicious sites taking aim at this vulnerability, and now that the exploit code is publicly available, the threat will certainly grow in the coming days and weeks.
