Malicious code targets unpatched flaw in Internet Explorer

September 22, 2006

A critical vulnerability has been identified in Internet Explorer versions 5 and above. Security experts at MicroWorld Technologies say malicious code named 'Exploit.HTML.VML' is being actively used by pornographic and other shady websites to install spyware and Trojans on users' computers without their knowledge.

The vulnerability lies in Internet Explorer's implementation of VML (Vector Markup Language), an XML-derived language used to deliver vector graphics built from geometrical shapes and mathematical equations. File formats such as SWF (Flash), PDF (Adobe Acrobat), AI (Adobe Illustrator) and EMF (Microsoft Enhanced Metafile) are examples of vector graphics.

'Exploit.HTML.VML' pushes other malware onto computers by inducing a stack buffer overflow when a carefully crafted page with VML containing a long "fill" method inside a "rect" tag is displayed in IE. In a typical scenario, Internet Explorer is seen crashing soon after the exploit is delivered.
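For defenders who want to screen cached or proxied pages for the pattern described above, the following Python sketch is an added example, not code from MicroWorld or Microsoft. It reads the description as a `method` attribute on a `fill` element nested in a `rect` element; the 64-character threshold, the function name `scan` and the sample pages are assumptions made for illustration.

```python
from html.parser import HTMLParser

# Assumed threshold: legitimate VML fill methods are short keywords
# (for example "linear"), so 64 characters is a generous ceiling.
MAX_METHOD_LEN = 64


class VMLFillScanner(HTMLParser):
    """Flags oversized method attributes on <fill> elements inside a <rect>."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.rect_depth = 0
        self.findings = []  # (line number, tag as written, attribute length)

    @staticmethod
    def _local(tag):
        # VML tags are namespace-prefixed (v:rect, v:fill) and the prefix is
        # chosen by the page author, so compare the local name only.
        return tag.rsplit(":", 1)[-1]

    def handle_starttag(self, tag, attrs):
        name = self._local(tag)
        if name == "rect":
            self.rect_depth += 1
        elif name == "fill" and self.rect_depth:
            for key, value in attrs:
                # Attribute values arrive with character references decoded,
                # so entity-encoded padding is measured at its real length.
                if key == "method" and value and len(value) > MAX_METHOD_LEN:
                    self.findings.append((self.getpos()[0], tag, len(value)))

    def handle_endtag(self, tag):
        if self._local(tag) == "rect" and self.rect_depth:
            self.rect_depth -= 1


def scan(html):
    """Return a list of (line, tag, length) findings for one HTML document."""
    scanner = VMLFillScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


if __name__ == "__main__":
    # Constructed samples: one ordinary VML rect, one with an oversized value.
    ordinary = '<v:rect><v:fill method="linear" /></v:rect>'
    oversized = '<v:rect>\n<v:fill method="' + "A" * 300 + '"></v:fill>\n</v:rect>'
    print(scan(ordinary), scan(oversized))
```

A hit is a reason to quarantine the page for review, not proof of malice; the check is a length heuristic only.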

Microsoft has confirmed that the vulnerability allows the malware author to execute arbitrary code on the attacked system, while acknowledging that a successful intruder can gain local user rights on the victim's computer. The corporation is working on a patch for the flaw and, if the situation warrants, would release it ahead of its monthly patching cycle scheduled for October 10.

“This is a Drive-by Download Attack using a Zero-day vulnerability, making it a definite case of clear and present danger,” says CEO of MicroWorld Technologies, Govind Rammurthy. “Just by visiting shady websites, community portals or photo exchange sites where user-posted content is hosted without much supervision, you could well be inviting sly malware right into your PC.”
