Outpost 個人防火牆 - Microsoft Internet Explorer Mismatched Document Object Model Remote Code Execution Vulnerability

Agnitum Security Advisories

ASA-12-0512-4: Microsoft Internet Explorer Mismatched Document Object Model Remote Code Execution Vulnerability

Vulnerability summary:

Vulnerability details:

Tech brief:

Remote code execution vulnerability exists in how Microsoft Internet Explorer processes mismatched Document Object Model objects. According to the Microsoft's report, an attacker could construct a malicious website and persuade people to visit it. By visiting the site, malicious code can be executed on vulnerable machines with no user interaction, provided that the user accesses the site with an administrator (or root) account.

The Document Object Model (DOM) is a standard maintained by the W3C (World Wide Web Consortium), which regulates how the structure, appearance, and content of Web documents can be updated with scripts or other programs.

This vulnerability enables an attacker to execute code on the target system with elevated privileges. In order to exploit the vulnerability, an attacker would have to get people to visit the site by sending forged email or by displaying an inciting banner that lures people in. After that, no user interaction is required to trigger the remote execution of arbitrary code. Following a successful attack, an attacker would be able to install malicious code on the affected system and access confidential data, or take complete control of the system and attack other Internet hosts.

Vendor reference information:

Vendor details pertaining to the problem are available here:
http://www.microsoft.com/technet/security/bulletin/MS05-054.mspx

General Mitigating Recommendations:
Install latest vendor patches available at http://windowsupdate.microsoft.com.

Do not visit doubtful sites or at least limit what executable content can be run on those murky sites.

Know how to identify Internet hoaxes and do not react to them. Try reporting cases to appropriate authorities.

Try using alternate browser such as Firefox or Opera.

How Outpost Firewall PRO protects you:

Outpost controls what internal components of a program are run in memory. Illegitimate ones are automatically blocked from accessing the network. Real-time spyware protection would prevent spyware infestation.

Outpost protects the user's system from unauthorized access and intrusions, and alerts users when malicious code attempts to execute or access the network.

Disclaimer:

Information in the present advisory is believed to be accurate as to the time of publishing based on currently available information. Use of the information signifies acceptance for use in an AS IS condition. There are no warranties with regard to this information. Agnitum Ltd. doesn't accept any liability for any direct, indirect, or consequential loss or damage arising from use of, or reliance on, this information.

關於Version 2 Limited

Version 2 Limited 是亞洲其中一間最有活力的IT公司，公司發展及代理各種不同的互聯網及IP-Based 網絡IT產品，當中包括通訊系統、保安、網絡及媒體產品。透過公司龐大的網絡、銷售點、分銷商及合作顆伴，Version 2 Limited 便可提供廣被市場讚賞的產品及服務。Version 2 Limited 客戶來自各行各業，包括全球1000大跨國企業、上市公司、公用機構、政府部門、無數成功的中小企及來自亞洲各城市的客戶。

如對產品有興趣，可瀏覽以下網址:
http://www.version-2.com/op
http://www.version-2.com/nod32op