View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
August 18, 2005

Internet Explorer zero day out there

Microsoft Corp yesterday confirmed that exploit code targeting a possible zero-day vulnerability in Internet Explorer 6 has been released on the internet.

By CBR Staff Writer

The SANS Institute’s Internet Storm Center raised its Infocon threat level from green to yellow, and said it believes widespread malicious use of this vulnerability is imminent.

The exploit was released late Wednesday, and Microsoft said yesterday it is aggressively investigating the reported vulnerability, but is not aware of attacks that try to use the reported vulnerabilities.

Vulnerabilities such as this, where exploit code is created before the vendor has published details of the bug, are known as zero days. There are no official patches available.

The vulnerability is in a COM object, msdds.dll, which is dropped by various Microsoft applications including newer versions of Office, the .NET Framework, and Visual Studio.NET, but which is not installed on Windows by default

The attack would require the user to view a web page created by the attacker. The attack would be conducted using an ActiveX control, and would allow the attacker to run code of his choice on the vulnerable machine.

According to SANS, which has tested the exploit, the code as published opens a remote shell with the same privileges as IE, but other payloads are possible. Such bugs are ideal vectors for drive-by spyware installations.

SANS said it has temporarily upgraded its Infocon threat level to highlight the need for speedy action. The last time it went to yellow was a week ago, when the Zotob Windows 2000 worm was unleashed onto the internet.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Since there is no patch, Microsoft suggests concerned users disable or block the affected DLL. This will break applications that use it, but will keep IE safe from attack. More details are at:

The best workaround, of course, is to switch to another browser, even if only temporarily while a patch is developed. Since ActiveX is required to execute the attack, a browser that does not support ActiveX, such as Firefox, is not vulnerable.

The exploit was evidently first published by FrSIRT, the French Security Incident Response Team, which said it was reported by an anonymous person. This narked Microsoft.

Microsoft is concerned that this new report of a vulnerability in Internet Explorer was not disclosed responsibly, potentially putting computer users at risk, the company said in a statement.

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.