Sep 19
11:55 am (UTC-7)   |   by Jhoevine Capicio (Advanced Threats Researcher)

Sunbelt has just discovered a new IE zero day being used in the wild. The zero-day exploit uses a vulnerability in the Vector Markup Language (VML) inside Internet Explorer to overflow a buffer and inject shellcode.


I will update this, as research on the subject is still ongoing.


Update (Jovs, Tue, 19 Sep 2006 10:37:07 PM)


For those who don’t know, the vulnerable DLL exploited by this zero day is VGX.DLL, which Internet Explorer uses to process Vector Markup Language.


Sunbelt has proposed turning off JavaScript to mitigate the exploit. Alternatively, you can use another browser such as Firefox.


Microsoft has already been informed about the vulnerability. So far there is no patch available, but give them time; it is a zero day after all.


This blog will be updated with the malware name given to the exploit code.



Update (Chachi, Wed, 20 Sep 2006 03:08:05 AM)


The exploit code will now be detected as EXPL_EXECOD.A, and the executable files will be detected as TROJ_AGENT.FAC, TROJ_DELF.DBC, and TROJ_DLOADER.EES.


These are now detected using Control Pattern 3.764.02.









© Copyright 2009 Trend Micro Inc. All rights reserved.