Drive-by Exploit Plants Trojans onto Fully Patched Windows Systems Running IE

 
 
By Lisa Vaas | Posted 2007-03-29

McAfee's Avert Labs have discovered a drive-by exploit on the Web that preys on fully patched Windows XP SP2 systems running IE 6 and 7 browsers. In preliminary tests, McAfee found that the IE/XP systems proved vulnerable to an attack that delivers a Trojan download in complete silence.

McAfee Avert Labs said on its site on Wednesday that its researchers had discovered the exploit posted to a message board. The posting described a proof of concept, but McAfee Avert Labs have since also received a malicious sample. "It is quite likely that similar exploits targeting this vulnerability are currently being used in other attacks on the web," according to the Labs.

McAfee so far hasn't found Windows XP SP0 or SP1 to be vulnerable. Firefox 2.0 is also holding up against the attack.

The vulnerability lies in the handling of malformed Windows animated cursor (.ani) files. Avert Labs suggests that this vulnerability is reminiscent of the one covered by Microsoft security bulletin MS05-002, which went out in January 2005. In that instance, many versions of Windows were found to be critically vulnerable to remote code execution due to a problem with cursor and icon format handling.

McAfee hasn't offered any workaround to the unpatched vulnerability, although it does rate it as being of low risk to home or corporate users. The Avert Labs are tracking the exploit and will post more information as they find it.

 
 
 
 