Security threats Toolkit

Shady sites exploit another IE flaw

Tags:
Patch,
IE,
Internet Explorer,
Flaw

Joris Evers CNET News

Published: 20 Sep 2006 10:40 BST

Miscreants are using an unpatched security bug in Internet Explorer to install malicious software from rigged Web sites, experts warned on Tuesday.

The vulnerability lies in the way IE 6 handles certain graphics. Malicious software can be loaded, unknown to the user, onto a vulnerable Windows PC when the user clicks on a malicious link on a Web site or an email message, several security companies said.

"Fully patched Internet Explorer browsers are vulnerable," Ken Dunham, director of the rapid response team at VeriSign's iDefense, said in an emailed statement. "This new zero-day attack is trivial to reproduce and has great potential for widespread Web-based attacks in the near future."

Security-monitoring companies Secunia and the French Security Incident Response Team have given the issue their most serious ratings.

Shady adult Web sites are among the first to exploit the IE vulnerability, Eric Sites, vice president of research and development at spyware specialist Sunbelt Software, wrote on a corporate blog. In one case, a malicious Web site used the exploit to install "epic loads of adware", according to Sunbelt.

Microsoft plans to fix the flaw as part of its monthly patching cycle on 10 October, the software giant said in a security advisory. The update might be released sooner, "depending on customer needs" Microsoft said. Typically, Microsoft only breaks its patch cycle when attacks are widespread.

The number of attacks may rise quickly, according to Web security company Websense. It appears that WebAttacker, a tool often used to create attack sites, has been fitted with the new exploit, Websense said in an emailed statement. "We have confirmed multiple, previously known, WebAttacker sites that are currently exploiting this vulnerability to install malicious software," Websense said. "We expect to see many of the several thousand WebAttacker sites begin to utilise the exploit, as they update to the latest release of the toolkit."

"Microsoft is aware that this vulnerability is being actively exploited," the company said in its advisory. While it works on an update, Microsoft recommends users keep their security software updated and take caution when browsing the Web. In its advisory, it also provides several workarounds to protect systems against the flaw.

The vulnerability lies in a Windows component called "vgx.dll". This component is meant to support Vector Markup Language documents in the operating system. VML is used for high-quality vector graphics on the Web.

This is the second known and unpatched flaw for IE to surface in as many weeks. Last week Microsoft confirmed a flaw in an ActiveX control related to multimedia. Attack code that exploits the flaw and could be used to hijack Windows PCs running IE 5 or IE 6 has been posted on the Net. Microsoft also has yet to provide a patch for a Word 2000 flaw being exploited in targeted cyberattacks.