Exploit-IframeBO
- Type: Vulnerability
- SubType: Exploit
- Discovery Date: 11/02/2004
- Length
- Minimum DAT: 4405 (11/09/2004)
- Updated DAT: 5345 (07/23/2008)
- Minimum Engine: 5.1.00
- Description Added: 11/05/2004
- Description Modified: 12/01/2004 11:01 AM (PT)
Risk Assessment
- Corporate User: Low-Profiled
- Home User: Low-Profiled
Characteristics
-- Update December 01, 2004 --
Microsoft has released an out-of-schedule patch to address the vulnerability exploited by this threat:
http://www.microsoft.com/security/bulletins/200412_windows.mspx
-- Update November 05th 2004 --
The risk assessment of this threat has been deemed Low-Profiled due to the following media attention:
http://www.computerworld.com/securitytopics/security/story/0,10801,97258,00.html
Exploit-IframeBO is referred to as "New IE Hole" in the article.
--
Microsoft Internet Explorer (IE) contains a buffer overflow vulnerability that can be exploited to execute arbitrary code with the privileges of the user running IE.
Windows XP users running SP2 are not affected by this vulnerability. As previous versions of Windows XP are vulnerable, and a patch is not yet available from Microsoft, users are urged to upgrade to SP2 to stay protected. All systems running VSE8.0i with buffer overflow protection enabled (default setting) are also protected from this threat.
Please refer to the following link for more details.
http://secunia.com/advisories/12959/
Symptoms
Variable. The symptoms of the buffer overflow will vary depending upon the remote code executed. This threat is known to have been used to spread mass-mailing viruses and to install remote access trojans as well as adware.
Method of Infection
By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message), an attacker could execute arbitrary code with the privileges of the user. The attacker could also cause IE (or the program using the WebBrowser control) to crash.
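For mail or proxy filtering, the crafted-HTML delivery path described above can be screened by flagging IFRAME tags whose attribute values are abnormally long. This is an added example, not McAfee's detection logic; the advisory does not say which attribute or what length triggers the overflow, so checking every attribute and the 256-character limit are assumptions, and the sample message is constructed.

```python
from email import message_from_string, policy
from html.parser import HTMLParser

MAX_ATTR_LEN = 256  # assumed threshold; the advisory states no length

class IframeAudit(HTMLParser):
    def __init__(self, limit):
        super().__init__()
        self.limit = limit
        self.findings = []  # (line, attribute name, value length)

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names before this call.
        if tag != "iframe":
            return
        for name, value in attrs:
            if value is not None and len(value) > self.limit:
                self.findings.append((self.getpos()[0], name, len(value)))

def scan_html(html, limit=MAX_ATTR_LEN):
    parser = IframeAudit(limit)
    parser.feed(html)
    parser.close()
    return parser.findings

def scan_message(raw, limit=MAX_ATTR_LEN):
    # Walk every MIME part and audit only the text/html ones.
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            findings.extend(scan_html(part.get_content(), limit))
    return findings

# Constructed sample: one ordinary IFRAME and one with a 600-character value.
SAMPLE_MAIL = (
    "Subject: constructed sample\n"
    "MIME-Version: 1.0\n"
    "Content-Type: text/html; charset=us-ascii\n\n"
    "<html><body>\n"
    '<iframe src="http://example.test/ok" width="1"></iframe>\n'
    '<IFRAME NAME="' + "A" * 600 + '" SRC="x"></IFRAME>\n'
    "</body></html>\n"
)

if __name__ == "__main__":
    for line, attr, length in scan_message(SAMPLE_MAIL):
        print(f"line {line}: iframe {attr}= is {length} chars")
```

A length heuristic like this only triages messages for review or quarantine; patching (or XP SP2) remains the fix the advisory recommends.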
Removal
All Users:
Modifications made to the system Registry and/or INI files for the purpose of hooking system startup will be successfully removed when cleaning with the recommended engine and DAT combination (or higher).
Additional Windows ME/XP removal considerations
McAfee Entercept
Entercept's buffer overflow protection protects against code execution that may result from exploitation of the IFRAME buffer overflow vulnerability.
McAfee VirusScan Enterprise 8.0i
VirusScan Enterprise 8.0i buffer overflow protection protects against code execution that may result from exploitation of the IFRAME buffer overflow vulnerability if the malicious HTML document is viewed in Internet Explorer, Outlook or Outlook Express.
WINDOWS XP USERS ARE URGED TO UPGRADE TO SP2
http://www.microsoft.com/windowsxp/sp2/default.mspx
Variants
N/A