Spyware Warrior Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 
FAQ :: Search :: Memberlist :: Usergroups :: Register
Profile :: Log in to check your private messages :: Log in

"Exploit.HTML.IESlice.aj"?

 
Post new topic   Reply to topic    Spyware Warrior Forum Index -> Security Notices & News
View previous topic :: View next topic  
Author Message
tripkill201
Warrior


Joined: 24 Jun 2007
Last Visit: 23 Feb 2008
Posts: 175
Location: Approximately 2.3698 billion light years away.

PostPosted: Sat Dec 15, 2007 4:34 pm    Post subject: "Exploit.HTML.IESlice.aj"? Reply with quote

So, my friend recently e-mailed me, and told me about something Norton had detected called "Exploit.HTML.IESlice.aj". He said he got it by simply visiting the home page of a forum that had only been attacked once about a year ago. He also asked me to dig up info on this.

I did find something from Symantec on it, calling it a high-risk exploit. And something from Spyware Terminator calling it a medium threat.

I can't really find any more dirt on it. Can any one else tell me something about this? Because, frankly, this is a new exploit to me. Thanks in advance, guys.
_________________


The stakes are immense, the task colossal, the time is short. But we may hope ó we must hope ó that manís own creation, manís own genius, will not destroy him. -Albert Einstein
Back to top
View user's profile Send private message
suzi
Site Admin


Joined: 27 Jul 2003
Last Visit: 16 Apr 2014
Posts: 10310
Location: sunny California

PostPosted: Sat Dec 15, 2007 6:21 pm    Post subject: Reply with quote

Exploit.HTML.IESlice refers to malicious code on a web page that exploits a vulnerability in an Internet Explorer Active X control. It was used by criminals last fall -- 2006. Microsoft has since patched that vulerability so your friend needs to make sure he has all his Windows updates. He could also avoid this by using a different browser.

There is some information about it in this article.

http://www.eweek.com/article2/0,1759,2022805,00.asp

Some excerpts from the article:

Quote:
The exploits target a Windows Shell vulnerability that was first released during HD Moore's Month of Browser Bugs project in July and is being launched by a known cyber-crime organization operating out of Russia, according to virus hunters tracking the threat.


Quote:
The attack uses IE to trigger an integer overflow error in the "setSlice()" method in the "WebViewFolderIcon" ActiveX control. Microsoft recommends that IE users disable attempts to instantiate the ActiveX control by setting the kill bit for the control in the registry.


When an unprotected user lands on a web page with the malicious code, it uses the vulnerability to download other malware from the web.

The Microsoft advisories are here:

http://www.microsoft.com/technet/security/advisory/926043.mspx

http://www.microsoft.com/technet/security/bulletin/ms06-057.mspx

Some info here also:

http://blog.trendmicro.com/ie-0-day-setslice2829-vulnerability/

HTH.
_________________
Former Microsoft MVP 2005-2009, Consumer Security
Please do not PM or Email me for personal support. Post in the Forums instead and we will all learn. Smile
Back to top
View user's profile Send private message Visit poster's website
tripkill201
Warrior


Joined: 24 Jun 2007
Last Visit: 23 Feb 2008
Posts: 175
Location: Approximately 2.3698 billion light years away.

PostPosted: Sat Dec 15, 2007 9:30 pm    Post subject: Reply with quote

Thanks suzi. This really helps.
_________________


The stakes are immense, the task colossal, the time is short. But we may hope ó we must hope ó that manís own creation, manís own genius, will not destroy him. -Albert Einstein
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Spyware Warrior Forum Index -> Security Notices & News All times are GMT - 8 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



smartBlue Style © 2002 Smartor
Powered by phpBB © 2001, 2002 phpBB Group