The Web    Google
Researcher: IE Cumulative Patch Inadequate

Researcher: IE Cumulative Patch Inadequate
September 8, 2003
Ryan NaraineBy

Security research firm Secunia has recommended that users of Microsoft's Internet Explorer browser disable ActiveX controls and plugins to protect against a variant of the "Object Data" vulnerability.

The Secunia warning comes just one week after Microsoft (, ) issued a cumulative patch for the IE browser that .

However, in a special update, Secunia said Microsoft's cumulative patch was not adequate and warned that exploitation of the most serious security hole was already discovered in the wild. "Analysis shows that the exploit installs a program called ADPlus module or SurferBar, which is added to a users Internet Explorer and contains links to various porn sites," the company cautioned.

"The "Object Data" vulnerability is straightforward to exploit. In many ways, this vulnerability is similar to [a previous flaw] which was exploited by notorious viruses like Nimda, Badtrans and Klez," the company said.

Efforts to contact Microsoft were not successful at press time.

To protect against the vulnerability, IE users should disable Active Scripting until Microsoft provides a comprehensive fix.

Secunia said the "Object Data" hole can be targeted via e-mail or specially-crafted Web sites to allow execution of arbitrary code on the client system.

To determine the safety of an object, the IE browser interprets the file extension specified in the "Object Data" tag. "This allows a malicious person to specify a "safe" file with eg. a ".html" extension in "Object Data", which causes Internet Explorer to interpret it as a "safe" file, the company explained. However, when the file is retrieved by IE, the "Content-Type" header determines how the file will be treated. "This allows an executable file like a ".hta" file to be treated as a "safe" file and be executed silently without restrictions," Secunia warned.

The flaw, which Secunia described as "extremely critical," affects Microsoft IE versions 5.01, 5.5 and 6.0.

  • 6/28: Backdoor-CCL Running Wild
  • 12/10: Agobot-NX an IRC Trojan & Worm
  • New Alliance Opposes Anti-Piracy Mandates
  • Sue a Spoofer Today
  • New Tool Helps Ensure Users Employ Strong Passwords
  • 5/17: Mytob-CH a Mass-Mailing Worm
  • 4/27: Mytob-CY Worm Arrives as Email Attachment
  • China Backs Down on WAPI Deadline
  • In the Year 2005, Will Your Anti-Spam Arsenal Be the Same?
  • Gates Sends Letter on Spam to Congress
  • 12/3: Rbot-QX a Worm and IRC Trojan
  • Security Camera Industry Information