Security-Alerts mailing list archive (security-alerts@yandex-team.ru)


[security-alerts] Internet Explorer 0-day exploit



http://isc.sans.org/diary.php?storyid=874

Published: 2005-11-21,
Last Updated: 2005-11-21 15:54:56 UTC by Johannes Ullrich (Version: 1)

The UK group "Computer Terrorism" released a proof of concept exploit
against patched versions of Internet Explorer. We verified that the code
is working on a fully patched Windows XP system with default
configuration.

The bug uses a problem in the javascript 'Window()' function, if run
from 'onload'. 'onload' is an argument to the HTML <body> tag, and is
used to execute javascript as the page loads.

Impact:
Arbitrary executables may be executed without user interaction. The PoC
demo as tested by us will launch the calculator (calc.exe).

Mitigation:
Turn off javascript, or use an alternative browser (Opera, Firefox). If
you happen to use Firefox: This bug is not affecting Firefox. But others
may. For Firefox, the extension 'noscript' can be used to easily allow
Javascript for selected sites only.

Open Questions:
We are not sure if parameters can be passed to the executable. If so, the
issue would be much more severe.

Please monitor this diary for updates.
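
A defensive check for the trigger condition the diary describes (a call to 'window()' reached from the 'onload' attribute of the <body> tag), as an added example that is not part of the original post or of the PoC: a Python scanner that a proxy or mail gateway could apply to HTML. The names and sample pages are constructed for illustration, and the "indirect" heuristic is an assumption that misses handlers assigned from script or loaded from external files.

```python
import re
from html.parser import HTMLParser

# Bare call to window(); window.open(...) and window.location do not match.
WINDOW_CALL = re.compile(r"\bwindow\s*\(", re.IGNORECASE)
# Any function invocation inside a handler, e.g. "init()".
CALLED_NAME = re.compile(r"\b[A-Za-z_$][\w$]*\s*\(")
# Constructed sample pages (not taken from the advisory or the PoC).
SAMPLES = {
    "direct": '<html><body onload="window();"><p>hi</p></body></html>',
    "indirect": '<script>function init(){ window(); }</script><body onload="init()">',
    "clean": '<body onload="window.open(\'/help\')"><p>window()</p></body>',
}


class OnloadScanner(HTMLParser):
    """Collects <body onload=...> handlers and inline <script> text."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.handlers, self.scripts, self._in_script = [], [], False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
            self.scripts.append("")
        elif tag == "body":
            # Attribute names arrive lower-cased, values entity-decoded.
            self.handlers += [v or "" for k, v in attrs if k == "onload"]

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        if self._in_script:
            self.scripts[-1] += data


def classify(html):
    """Return 'direct', 'indirect' or 'clean' for one HTML document."""
    scanner = OnloadScanner()
    scanner.feed(html)
    scanner.close()
    if any(WINDOW_CALL.search(h) for h in scanner.handlers):
        return "direct"
    # Handler calls a function and an inline script contains window().
    calls = any(CALLED_NAME.search(h) for h in scanner.handlers)
    if calls and any(WINDOW_CALL.search(s) for s in scanner.scripts):
        return "indirect"
    return "clean"
```

A "direct" or "indirect" result is a reason to block or quarantine the page for Internet Explorer clients; "clean" only means this particular pattern was not found.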






 




Copyright © Lexa Software, 1996-2009.