Zero day IE WebView vulnerability rampages in the wild


The vulnerability involves the way IE handles the setslice() method when using the WebViewFolderIcon ActiveX object (webvw.dll). Web View is one of two different formats Windows Explorer uses for viewing file and folder information, allowing users to preview documents in a thumbnail view before opening.

At the time Moore discovered the vulnerability, he could only exploit it to crash IE. Since then, Moore has figured out how to exploit this vulnerability to execute code and he has released a new Metasploit module to do just that. I downloaded the module and tried it out in Metasploit 3 last week. It works. In fact, it makes it ridiculously easy to attach any sort of malicious payload you want to this exploit, making it skript kiddie heaven. Furthermore, over the weekend other greyhat researchers have released their own Proof-of-Concept (PoC) exploits attacking the Web View vulnerability. These new PoC exploits makes it simple for an attacker to create a malicious Web page that will automatically download and install a nasty executable of the attacker's choosing onto your computer. WatchGuard Wire: RSS Feed | WatchGuard Technologies, Inc.

Linked by shanmuga Tuesday, 3rd October 2006 1:41AM