Friday, September 15, 2006

ActiveX Controls Still Vulnerable After Four Years

Activity spotted by an eWeek reporter on at least two "gray-hat" vulnerability research sites appears to indicate that an exploit for a weakness in one of Microsoft's Multimedia ActiveX controls discovered last June may still be feasible, even after four years of patches.

The fact that this set of controls, which was last used in Internet Explorer 5.0 and is still installed on many systems, could be so easily exploited to trigger heap overflows has been a published fact since at least 2003. Just last June, however, gray-hat firm Xsec found at least one other way to keep exploiting them. The US Department of Homeland Security was apparently notified of the exploit in late August, and released a bulletin last week. That bulletin stated the exploit had been witnessed running in IE 6.0 SP1, though the DHS rated its severity as "low."

The exploit Xsec discovered is frighteningly simple: Unchecked JavaScript code, reportedly running on a Chinese-language version of Windows Server 2003 prior to SP1, can be used to instantiate Microsoft's DirectAnimation library. By passing it a parameter for generating a spline -- a curved path -- using a value that's out-of-bounds for that function, a heap overflow condition is triggered. The original code, published by SecurityFocus, does not contain a payload for deployment after triggering the condition.

A recently published version of this exploit, on Xsec and one other site, essentially re-creates the exploit by enabling curious parties to compile a C-language routine that deploys it via the Windows Command Prompt.

SecurityFocus has catalogued the exploit as Bugtraq ID 19738, and states it knows of no patches released thus far that specifically address the issue. Meanwhile, Internet Security Systems classifies the exploit as "high risk," stating no known remedy existed as of its last update nearly three weeks ago.

This DAXCTLE exploit, for lack of a better name, is merely the latest in a series of recent security troubles for Microsoft that could be considered a "heap overflow" of a different variety.

Although more unpatched exploits from years past are being characterized as "zero-day exploits" for one reason or another, the problem for Microsoft has not been that malicious users are implementing exploits the same day vulnerabilities are discovered. The real issue is that they're successfully continuing to find exploits four years or more after the underlying problems are known.
