Thursday, September 14, 2006


Gardeners know that it is important to learn what conditions prospective garden additions are going to want--light, soil, water--before planting. Having done so, they are less likely to be vulnerable to problems.

Similarly, web surfers need to be aware of potential vulnerabilities. The latest one reported by FrSIRT is rated critical and is shown below.

The advisory from me -- make certain your computer is properly updated with the latest Microsoft patches and that you have a firewall and up-to-date antivirus.

Advisory ID : FrSIRT/ADV-2006-3593
CVE ID : CVE-2006-4777
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2006-09-13

Technical Description

A vulnerability has been identified in Microsoft Internet Explorer, which could be exploited by remote attackers to crash a vulnerable browser or take complete control of an affected system. This flaw is due to a memory corruption error when processing a specially crafted argument passed to the "KeyFrame()" method of a "DirectAnimation.PathControl" (daxctle.ocx) ActiveX object, which could be exploited by attackers to cause a denial of service or execute arbitrary commands by convincing a user to visit a malicious Web page.

FrSIRT confirmed this vulnerability on a fully patched Windows XP SP2 system. Exploit code is publicly available.

See the list of affected products and the workaround at
