 |
Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
|
| View previous topic :: View next topic |
| Author |
Message |
tripkill201
Warrior
Joined: 24 Jun 2007
Last Visit: 23 Feb 2008
Posts: 175
Location: Approximately 2.3698 billion light years away.
|
 Posted: Sat Dec 15, 2007 4:34 pm Post subject: "Exploit.HTML.IESlice.aj"? |
 |
|
So, my friend recently e-mailed me, and told me about something Norton had detected called "Exploit.HTML.IESlice.aj". He said he got it by simply visiting the home page of a forum that had only been attacked once about a year ago. He also asked me to dig up info on this.
I did find something from Symantec on it, calling it a high-risk exploit. And something from Spyware Terminator calling it a medium threat.
I can't really find any more dirt on it. Can any one else tell me something about this? Because, frankly, this is a new exploit to me. Thanks in advance, guys.
_________________
The stakes are immense, the task colossal, the time is short. But we may hope — we must hope — that man’s own creation, man’s own genius, will not destroy him. -Albert Einstein |
|
| Back to top |
|
 |
suzi
Site Admin
Joined: 27 Jul 2003
Last Visit: 19 Jun 2013
Posts: 10277
Location: sunny California
|
| Posted: Sat Dec 15, 2007 6:21 pm Post subject: |
|
|
Exploit.HTML.IESlice refers to malicious code on a web page that exploits a vulnerability in an Internet Explorer Active X control. It was used by criminals last fall -- 2006. Microsoft has since patched that vulerability so your friend needs to make sure he has all his Windows updates. He could also avoid this by using a different browser.
There is some information about it in this article.
http://www.eweek.com/article2/0,1759,2022805,00.asp
Some excerpts from the article:
| Quote: |
| The exploits target a Windows Shell vulnerability that was first released during HD Moore's Month of Browser Bugs project in July and is being launched by a known cyber-crime organization operating out of Russia, according to virus hunters tracking the threat. |
| Quote: |
| The attack uses IE to trigger an integer overflow error in the "setSlice()" method in the "WebViewFolderIcon" ActiveX control. Microsoft recommends that IE users disable attempts to instantiate the ActiveX control by setting the kill bit for the control in the registry. |
When an unprotected user lands on a web page with the malicious code, it uses the vulnerability to download other malware from the web.
The Microsoft advisories are here:
http://www.microsoft.com/technet/security/advisory/926043.mspx
http://www.microsoft.com/technet/security/bulletin/ms06-057.mspx
Some info here also:
http://blog.trendmicro.com/ie-0-day-setslice2829-vulnerability/
HTH.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn.  |
|
| Back to top |
|
|
tripkill201
Warrior
Joined: 24 Jun 2007
Last Visit: 23 Feb 2008
Posts: 175
Location: Approximately 2.3698 billion light years away.
|
| Posted: Sat Dec 15, 2007 9:30 pm Post subject: |
|
|
Thanks suzi. This really helps.
_________________
The stakes are immense, the task colossal, the time is short. But we may hope — we must hope — that man’s own creation, man’s own genius, will not destroy him. -Albert Einstein |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
smartBlue Style © 2002 Smartor
Powered by phpBB © 2001, 2002 phpBB Group
|
