Finjan, the global provider of best-of-breed proactive web security solutions for businesses and organisations, has informed Microsoft of a bypass and cross zone scripting vulnerability in the Remote Data Service (RDS) object. Hackers could have potentially exploited this vulnerability to gain full control over and remotely execute code on user´s machines using Internet Explorer. This vulnerability applies to fully patched Windows XP SP2 system, including users of Internet Explorer version 7.0b1.
“This discovery is an excellent example of the shared efforts and close cooperation between Finjan´s Malicious Code Research Centre (MCRC) and Microsoft with the goal of securing users from potential malicious attacks. It is an additional example of our cooperation since Microsoft´s investment in Finjan last summer,” said Yuval Ben-Itzhak, CTO at Finjan. “MCRC´s continuous efforts and expert knowledge are leveraged in Finjan´s proactive web security offerings, which protect our customers proactively from new and unknown threats. Our Vulnerability Anti.doteTM provides virtual patching of vulnerabilities even before they are patched by the respective vendor.”
RDS is part of the Microsoft Data Access Components (MDAC) library and enables the creation and execution of objects that are not allowed to run by Internet Explorer. By exploiting this vulnerability, a hacker could have bypassed security restrictions imposed on objects and run them in the “Internet Zone.” In addition, the vulnerability could have given a hacker full control over the user´s machine, including access to information and “write” privileges to the local file system. To view a short demo showing how a hacker could have benefited from exploiting this vulnerability, click here.
Finjan provided Microsoft with full technical details, including proof-of-concept, concerning this vulnerability and assisted Microsoft with the fix. According to its code of ethics, Finjan does not publish technical details about vulnerabilities.
Finjan´s Vital Security behaviour-based solutions proactively protect its customers against this vulnerability, closing the Window-of-Vulnerability.