Less than 24 hours after Microsoft shipped fixes for code execution holes in Internet Explorer and Windows, proof-of-concepts for remote exploits are popping up on the Internet.
On security mailing lists and at the Milw0rm.com site, there are at least three exploits circulating. These provide a roadmap for attackers to launch remote attacks to take complete control of a Windows machine.
Two of the three target gaping holes in the dominant Internet Explorer browser, flaws that could be exploited by simply luring the target to surf to a Web page. (See exploit code here and here.)
The vulnerabilities in the Microsoft Speech API ActiveListen and ActiveVoice ActiveX controls have been patched with the MS07-033 bulletin, so it's important to treat that update with the highest possible priority.
By convincing a user to view a specially crafted HTML document (e.g., a web page or an HTML email message or attachment), an attacker may be able to execute arbitrary code with the privileges of the user. The attacker could also cause Internet Explorer (or the program using the WebBrowser control) to crash.
This patch applies to Internet Explorer 7 on Windows Vista.
Proof-of-concept code for a third exploit was released by Thomas Lim of COSEINC to provide technical details of a critical flaw in the Secure Channel (Schannel) security package in Windows. This bug was patched with MS07-031.
