A SEC Consult descobre uma vulnerabilidade no Internet Explorer

Categoria: Alertas

terça, 05 julho 2005 17:40

Sistemas Operativos Implicados:	Windows XP/NT/2K/Me/98/95
Aplicações Implicadas:	MS Internet Explorer

Esta vulnerabilidade está associada ao objecto javaprxy.dll COM, e pode ser explorada através de um web site malicioso. *Description*:
SEC Consult has discovered a vulnerability in Microsoft Internet
Explorer, which can be exploited by malicious people to compromise a
user"s system.

The vulnerability is caused due to the javaprxy.dll COM object being
instantiated incorrectly in Internet Explorer via the object tag. This
can be exploited via a malicious web site to cause a memory corruption.

Successful exploitation allows execution of arbitrary code, but requires
that the file "javaprxy.dll" exists on the system.

NOTE: "javaprxy.dll" is included with Microsoft Java Virtual Machine.
Exploit code is publicly available.

The vulnerability has been confirmed on a fully patched system with
Internet Explorer 6.0, Microsoft VM (virtual machine) build 3802 and
Microsoft Windows XP SP2. Internet Explorer 5.01 and 5.5 is reportedly
also affected.

*Solution*:
The vendor recommends setting Internet and Local intranet security zone
settings to "High", or unregister, disable or restrict access to the
javaprxy.dll COM object (see Microsoft original advisory for details).
This may affect functionality.

*Provided and/or discovered by*:
sk0L and Martin Eiszner, SEC Consult.

*Changelog*:
2005-07-05: Added CAN-reference and link to US-CERT vulnerability note.
Upgraded criticality to "Extremely critical". Updated "Description" and
"Solution" section.

*Original Advisory*:
Microsoft:
http://www.microsoft.com/technet/security/advisory/903144.mspx

SEC Consult:
http://www.sec-consult.com/184.html

*Other References*:
US-CERT VU#939605:
http://www.kb.cert.org/vuls/id/939605