New vulnerability in IE

General Topics
1

Hi forum members,

A Dutchman found a new hta vulnerability in IE with which a computer can be taken over. Read:
http://jeffrey.vanderstad.net/grasshopper/
The code will be published whenever the MS patch is there.

polonus

2

Hi,

Wow I am glad that a hacker didn’t find it and that the person alerted Microsoft. It appears that they won’t patch it in IE 6 but we will have to wait until IE 7 (I think).

~justin1278

3
We have been trying to get this fix into the next IE release, but it's been a lot of work to do that as it's relatively late in the cycle. It looks like it will make it in though.
I should hope so. If you know the envelope is broken, why even bother sending it out??? I do have to admit that there have been quite a few improvement made in IE 7. There are many more that could still be made.
4

Hi Justin1278 and bob3160,

They will patch it in the coming patching round (which of course will be on a Tuesday), it is that critical, and there are more of these hta holes. There was one in 2004, we have already forgotten about that one, and if I remember right it is the malware vector of KAK worm. So there is nothing new under the sun, and malware artists re-invent the same patterns over and over again (HTA holes enable to load RATs, like for instance Q trojan).

If you want to do something about it now, there is a free solution HTASTOP: http://www.nsclean.com/htastop.html

polonus

5

Hi Polonus,

That is certainly good news to know.

6

Well, I was on the January version of IE7 Beta2 but as of today, I have the March 20th version. So far, this one seems a little more stable. And hopefully, that hta vulnerability is not in IE7.

7

Hi Charley,

Again it is not the IE that is the problem here, it is the Microsoft Scripting Machine that is causing these holes. Bitdefender’s AVX Script Wall protects you here from all sides, also in a program like Outlook etc.
One thing we should never have had was Active-X, it was a big mistake from the very start. HTA vulnerabilities now where you think you download a pdf.file and you get some nasty malware downloaded in stead proof this.
If these vulnerabilities are not tackled for good, I would choose an alternate browser still. With IE7 they have come a long way, but it is not all convincing. Windows XP SP2 33 security updates in 6 days (including a Sunday).

polonus

8

Yeah, I understand, Polonus. And I agree that Active-X is not really a good thing. Unfortunately, it is here and too many will use it or allow it to be used.

It appears, though, from an update posting at that link …

http://jeffrey.vanderstad.net/grasshopper/

… that IE7 may be safe from this vulneribility.

Some answers March 22, 2006 ____________________________________________________________________ Good news, yesterday I installed Internet Explorer 7 ßeta2 preview, the exploit DOES NOT WORK in this browser.

Perhaps MS found a way to close this hole and, thus, released the March 20th version of IE7.
??? :slight_smile:

As for me, I never have liked PDF files … there has always seemed to be something not quite right about them. I never use them unless I have no other choice and it must be done. Well, maybe it’s just me as far as PDF files go. :stuck_out_tongue:

9

Simple solution!! :wink: Use another browser ::slight_smile: as long a IE is a M$ product every man and his dog will
try to pump holes in it, the worrying part is that they keep finding them :cry:

10

Hi tednelly,

I agree with you there. But while you are at that, and I use my alternate browsers, FF and Flock, from a mem stick (no traces on the comp, unless you do not go there to upload), you cannot and must not forget about keeping the IE up to date and fully patched, because it stays such an integral part of your OS. MS has built it so deep inside your OS, that it can harm you even through alternate browsers in some cases. Actually there is no difference between access of IE and Windows Explorer on your system in a sense, although with Windows Explorer you cannot browse.

polonus

11

Thanks polonus mate I understang that IE & WEx are deeped rooted in the M$ OS and that without them we to would be rooted ;D however WEx just sits there on my system and the tabbed xplorer² does its job. FF used as main browser (No Comment on Flock) :wink: and when I can find another way of keeping XP up to date without using IE I’ll use it, However until then matey I agree IE is the gun!! the only gun

12

This is the major reason IE won’t see the light of day as my primary browser until it is completely separate from the OS (exploit the browser, exploit the OS). With notable exception when visiting windows update and even then I try to use one of the IE-based browsers. It is very true that it is essential to keep it up to date because of its OS integration.

I have explorer.exe blocked in my firewall as if you try typing a URL into the explorer Address bar, off it will go to that web site, see images and blocking, etc.

13
and when I can find another way of keeping XP up to date without using IE I'll use it, However until then matey I agree IE is the gun!! the only gun

Maybe this will help???
http://forum.avast.com/index.php?topic=16849.msg152230#msg152230

14

Have you or antone else tried it (windizupdate) Bob ?

I did with firefox 1.5.1 (installed the plug-in) to download one optional update (AC97 Audio Driver) as a trial and that failed. I will check again after the next batch of windows updates and see what other non-critical updates might be there.

15

I did before I made the post. As I do with all of the apps. in that series.
I haven’t recently since I use windows update and as all of you know by now GreenBrowser (IE based browser).

16

Works perfectly for me 8)

17

Hi Bob,

I think there must be a reason for you too, Bob, to use GreenBrowser in stead of the default embedded one.
It is like David says here, compromise the browser & you have compromised the OS, at least with IE. Good that MS did not hand out the information to alternate browsers to do the same.
To have a browser when it is such an important posible vehicle for malware vectors build in that deep as an integral part of the OS, is not a thing you do when you have security as a first priority.
Why does not MS come up with a new platform that is really lite, and only carries the OS, there would be a lot of vulnerabilities less to guess at.

polonus

18

Yes, I must agree that the internet browser (whatever it is called … IE, FF, Flock, etc) should not be built into the operating system. I also think that the browser should not be so closely “related” to Windows Explorer. Why, after all this time and multiple problems, MS continues with this is beyond me. ??? ::slight_smile:

19

I just tried to install the same driver update and it failed again but I got a little more information this time, a missing file, “unable to load UPD62INT.DLL – file not found?” So I will uninstall the plug-in and try again later.

20

Latest info from http://isc.sans.org (INFOCon globe in Firefox just went yellow)

IE exploit on the loose, going to yellow (NEW) Published: 2006-03-23, Last Updated: 2006-03-23 20:18:59 UTC by Jim Clausing (Version: 1)

Folks, as Lorna predicted yesterday, it didn’t take long for the exploits to appear for that IE vulnerability. One has been making the rounds that pops the calculator up (no, I’m not going to point you to the PoC code, it is easy enough to find if you read any of the standard mailing lists), but it is a relatively trivial mod to turn that into something more destructive (in fact, one of our readers has provided us with a version that he created that is more destructive). For that reason, we’re raising Infocon to yellow for the next 24 hours.