'Greyhat' Exposes New IE Flaw Vulnerability Puts IE Uses at Risk Sean Michael Kerner
A security research group known as the Greyhats Security Group has announced a new Microsoft Internet Explorer flaw and has posted a proof of concept exploit to back up its claims.
An individual "Greyhat" going by the name of "Paul" posted the vulnerability, which has been confirmed by other security research firms, including Secunia, on fully patched systems witn XP SP2 and IE 6.
Secunia, which tagged the flaw moderately critical, noted that, "the vulnerability is caused due to an error in the DHTML Edit ActiveX control when handling the execScript() function in certain situations." The so-called "MSIE DHTML Edit Control Cross Site Scripting Vulnerability" could allow an attacker to execute a cross-site scripting attack. It is possible to steal cookie-based authentication credentials through this vulnerability.
The discussion of the exploit by the Greyhat security researcher describes the process of how he discovered the vulnerability and then went about exploiting it. Paul explained that after looking at a popup block killer posted by a fellow security researcher he became interested in the DHTML edit control.
Paul noted that he didn't know the exact specifics of the control but was able through testing to find the vulnerability.
"SP2 puts extremely heavy security on the javascript: and vbscript: protocols, apparently rendering them useless for hacking attempts," Paul wrote. "However, there are still plenty of ways to make a target run script."
Secunia recommends users disable ActiveX support by setting their "Internet" zone security level to "High." They also note that XP SP2 users can disable the exploitable ActiveX Control via the Tools/Manage Add-Ons option.
