Ziff Davis Internet
News & Resources for the IT Reseller
NewsReviewsTech AnalysisCommentarySecurityLinux/Unix
My Account |  

IE Exploit Lets Attackers Plant Programs on SP2
By Larry Seltzer

Updated: New attack finds yet another leak in local resource security that Windows XP Service Pack 2 and subsequent patches were supposed to plug.

A security researcher has discovered a new exploit for Microsoft Corp.’s Windows XP Service Pack 2 that allows programs to be planted and executed on fully-patched systems.


The researcher, known as http-equiv and operator of the malware.com Web site, discovered a weakness in the local security zone of Internet Explorer which, through the use of the HTML Help control, allows security restrictions in the zone to be bypassed.

In combination with a separate vulnerability, in which drag-and-drop operations permit executable content to be placed on the system, the result of the attack is the delivery and execution of potentially hostile code from an external Web site. The researcher provides a proof of concept example on the site.

The drag-and-drop component of the example is surprising in light of Microsoft’s recent patching of a related vulnerability. Thor Larholm, senior security researcher for PivX Solutions, said the Microsoft patch, designated MS04-038, “does not patch the drag-and-drop problem directly—instead it tries to prevent its use by limiting the types of files that can be used in DYNSRC.”

eWEEK.com Special Report: Windows XP Service Pack 2

DYNSRC specifies the address of a media object used in a Web page. “As http-equiv demonstrates in his original post, this restriction could be circumvented,” Larholm said.

The problem is relatively minor and can be patched by Microsoft without too much bother, Larholm said. In the meantime, it can be circumvented by disabling a particular shell object, Shell.Explorer, by setting its “kill bit” in the registry. PivX Inc. is providing a registry fix for doing this on their Web site.

In order to deliver and run the attack code the user must perform a drag-and-drop operation. In a real-world attack, users would probably be enticed with a media file such as an image or music, but the file would contain the attack code, according to a description written by Symantec Corp.

A Microsoft spokeswoman said the company is investigating reports of a vulnerability affecting Windows XP Service Pack 2 and earlier versions of Windows that could enable an attacker to place a malicious file on a user’s system.

“Microsoft is not aware of any customer impact at this time. However we will continue to investigate the issue to determine the appropriate course of action to protect our customers. This might include providing a fix through our monthly patch release process or an out-of-cycle update, depending on customer needs,” she said.

Microsoft also advises customers who have applied the latest Internet Explorer update, MS04-038, to set the “Drag and Drop or copy and paste files” option in the Internet and Intranet zone to “Disable” or “Prompt.” Once this setting is changed, the spokeswoman said, the attack described in the report will not succeed.

In addition, customers who have set their Internet Security zone settings set to high will not impacted by this vulnerability.

Editor’s Note: This story was updated to include additional information from Microsoft.

PointerCheck out eWEEK.com’s Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer’s Weblog.

horizontal rule

Be sure to add our eWEEK.com Security news feed to your RSS newsreader or My Yahoo page



Free Hands-On Training Lab
Find out how key features of SBS 2003 can help you open up a new line of revenue. Register now >>

SBS 2003 Sales Reference Card
This handy reference card contains features at a glance, sales objection handling, pricing guidelines & more. Get it now >>

Microsoft Empower for ISVs rewards your big idea with big benefits and support.
Access key development tools at a low cost to help you develop that idea into an innovative application. Learn more >>

Changing Business for the Better: A Practical Guide to BPM

This paper provides an overview of the benefits of BPM technologies and identifies the characteristics of BPM solutions that lead to successful BPM process-centric integration projects.

Download this free white paper to learn more!

>> brought to you by IBM

Attention Microsoft Solution Providers!

Want to gain a competitive edge? Try Microsoft Watch – FREE!

Each week you receive:
  • Microsoft News and Insider Information
  • Expert Analysis
  • Code Names of Upcoming MS Products
  • Year-Ahead Calendar, updated monthly

    Click Here to sign up now for your FREE 14 Day Trial to Microsoft Watch.
  • Add up to $1,200 of value with the new BONUS PACKS.
  • HP PartnerONE: The key to increasing your margins.
  • HP Compaq nc6129 Business Notebook. $1149 Smart Buy
  • HP xw8200 workstation. Smart Buy price $1549.
  • ProLiant DL360G4p server: HP Smart Buy price $1647
  • Microsoft files new anti-piracy lawsuits. Learn more.
  • New offers with Windows Genuine Advantage.

    •Catalog Publishing
    •Dealer Management
    •Order Configuration
    •Price Management
    •Sales Management

    View All >

    Search the jobs you want & get the info you need – post your resume here today!

    Powered by Dice
    White Boxes
    MS vs. IBM
    Linux in the Channel
    Stay in the Zone
    Put The Channel Insider on your desktop.
    Subscribe to The Channel Insider: Channel News, Reviews, Resources and more.

    Make your selections below:

    Contract Watch

    The Channel Insider Update

    Preferred e-mail format:

    Enter your e-mail:

    view all newsletters >>
    Channel Insider Quick Links
    Ziff Davis Footer Logo