1 min read

New Critical IE Vulnerability Spotted in the Wild

Loredana BOTEZATU

March 11, 2010

Promo Protect all your devices, without slowing them down.
Free 30-day trial
New Critical IE Vulnerability Spotted in the Wild

Users running Internet Explorer versions 6 and 7 can get infected by simply visiting a specially crafted web page that uses highly obfuscated JavaScript code to create a use-after-free error, such as a pointer being accessed after the deletion of an object.


Anatomy of the attack


Initially, the user is lured into visiting a specially crafted web link advertised either via spam messages or as posted on bulletin boards, social networks etc. The respective webpage contains JavaScript code obfuscated using the escape function. In order to bypass detection from various antivirus products, the script calls a secondary JavaScript that replaces a variable with the unescape string.


 


Vulnerabilities in Internet Explorer 6 and 7

 


The decrypted result is actually the malicious payload which will trigger a heap spray attack and will write the malicious code into the browser’s User Data area, making it persistent: every time the browser starts, the malicious code is executed without any subsequent intervention (drive-by download), which will result in the automatic download of a file called either notes.exe or svohost.exe (detected by BitDefender as Gen:Trojan.Heur.PT.cqW@aeUw@pbb).


This approach is similar to the one described in CVE-2010-0249 that has been used in targeted attacks against 34 major corporations including GoogleTM and AdobeTM.



Vulnerabilities in Internet Explorer 6 and 7

Mitigating the risks


 Microsoft announced that the exploit is already in the wild and that users will be provided with a fix as soon as possible. Most likely, the vendor will issue a patch on the next “patch Tuesday”, namely on April 13. Since Internet Explorer

tags


Author


Loredana BOTEZATU

A blend of product manager and journalist with a pinch of e-threat analysis, Loredana writes mostly about malware and spam. She believes that most errors happen between the keyboard and the chair.

View all posts

You might also like

Bookmarks


loader