Original URL: http://www.theregister.co.uk/2012/09/17/yet_another_explorer_zero_day/
Users told: Get rid of Internet Explorer (again)
It’s more like an exploit than a browser
Posted in Security, 17th September 2012 22:17 GMT
Internet Explorer users have been told to ditch the application and switch to another browser, pronto.
The warning comes from Rapid7, which describes a hole that’s exploitable by visiting a malicious Website (and, of course, in the world of Twitter and shortened URLs, it’s so much easier to get users to visit such sites).
Visiting a malicious site gives the attacker the same privileges as the current user, according to Rapid7’s post, here [1]. Although the published exploit targets XP, Rapid7 says the attack works on IE 7 through 9 running on XP, Vista and Windows 7.
The discoverer of the exploit, Eric Romang, says [2] the zero-day drops a file, Exploit.html, on the target. This, in turn, creates files with img and swf suffixes, which IE treats as Flash.
Romang claims the exploit was created by the same group – Nitro – that recently released [3] a Java zero-day into the wild.
Rapid7’s HD Moore, also chief architect of Metasploit, told [4] Ars that he’s surprised to see the exploit work across Windows Vista and 7: “This is one of the few times that a vulnerability has been successfully exploited across all the production shipping versions of the browser and OS”, he said. The attack bypasses ASLR – address space layout randomization – that’s meant to help defend the newer operating systems against attack.
Microsoft is looking at the exploit now, and has stated that it will “take the necessary steps” once it has a fix ready. ®
Links
- [1] https://community.rapid7.com/community/metasploit/blog/2012/09/17/lets-start-the-week-with-a-new-internet-explorer-0-day-in-metasploit
- [2] http://eromang.zataz.com/2012/09/16/zero-day-season-is-really-not-over-yet/
- [3] http://www.theregister.co.uk/2012/08/31/nitro_hackers_abuse_java_exploit/
- [4] http://arstechnica.com/security/2012/09/critical-zero-day-bug-in-microsoft-internet-explorer/
