Actu
SkyRecon Protects From Zero-Day Windows IE 7 Exploits
December 2008 by SkyRecon
SkyRecon® Systems, provider of integrated, proactive endpoint security solutions, announced that its StormShield® Security Suite provides automatic protection for an exploitable Microsoft® Internet Explorer® 7 which reportedly contains a vulnerability that could lead to remote code execution as described in a Microsoft Security Advisory (961051).
With the default Internet Explorer 7 data binding settings in place, a memory corruption error could occur when processing specially-crafted XML content that can cause an affected browser to unexpectedly close in a vulnerable state or to execute arbitrary code.
This exploit is accomplished by a user visiting a malicious web page containing the bogus XML which is then used to remotely compromise the vulnerable application. A successful exploit could allow the attacker to gain the same user rights as the local user.
Users whose accounts are configured to operate with administrative user rights would be more affected than users who have fewer user rights on the system.
Exploitation of this vulnerability has been reported as being “in the wild,” with sample exploit code published on the Internet.
Attacks against the vulnerability are currently targeting Windows Internet Explorer 7 on the following Windows editions: XP Service Pack 2, XP Service Pack 3, Server 2003 Service Pack 1, Server 2003 Service Pack 2, Vista/Vista Service Pack 1, and Server 2008. According to the Microsoft advisory, other versions of Internet Explorer on other editions of Windows may also be vulnerable.
“Windows laptops, desktops, and servers running our lightweight StormShield Security Suite client are automatically protected against any zero-day attacks related to this vulnerability,” says Thomas Garnier, Senior Research Engineer at SkyRecon Systems. “By simply having the StormShield option, ‘Protection against overflow’ set to ‘Critical’ or ‘High’ level, our customers’ systems and data are automatically protected, even without a patch update. SkyRecon’s ongoing research and development allows its StormShield customers to continue to operate their business with confidence.”
StormShield Security Suite provides proactive protection for the system and the data delivered through a multi-layered, light-weight single endpoint protection platform, providing dynamic and risk-based policy control and enforcement for: anti-virus/anti-spyware, device control, content encryption, host-based intrusion prevention (HIPS), system firewall, application control, wireless security, and network access control (NAC).
