Hot on the heels of this month’s security bulletin, a new vulnerability exploit surfaces with a malware in tow. The new zero-day vulnerability, as described in a previous post, prompted Microsoft to release Security Advisory (981374) while investigations are still underway. This Internet Explorer (IE) vulnerability exists due to an invalid pointer reference bug within IE, which, under certain conditions, could be exploited to execute hostile code.
This vulnerability primarily affects IE 6 and 7. IE 8 is not affected. Users using the affected browsers are advised to follow the workarounds in Microsoft’s advisory until the applicable patches are released. Systems using the latest Windows versions—Windows 7 and Server 2008—are automatically immune from this threat since the said OS versions are shipped with IE 8. Those using earlier versions, however, would benefit from upgrading their browsers to IE 8.
In relation to this vulnerability, Trend Micro currently detects a malicious JavaScript file as JS_SHELLCODE.CD, which exploits CVE-2010-0806 and allows the unauthorized download of files onto affected machines.
Trend Micro™ Smart Protection Network™ protects customers from this threat by blocking user access to the malicious website the JavaScript connects to via the Web reputation service. It also detects and prevents the download of JS_SHELLCODE.CD via the file reputation service.
Trend Micro Deep Security™ and Trend Micro OfficeScan™ likewise protect business users via the Intrusion Defense Firewall (IDF) plug-in if their systems are updated with the IDF10-011 release, rule number IDF10011.