Breaking news

You may have heard about an IE crashing vulnerability that was unfortunately publicly posted before the weekend.  We just wanted to make a quick note here that, as always, we’re investigating it.  So far we’ve determined that visiting a page that exploits it could cause IE to fail.  We’re going to continue to look into this but remind you that safe browsing practices can help here, like only visiting trusted websites, etc.

Secunia Research has discovered a vulnerability in Microsoft Internet Explorer, which can be exploited by malicious people to compromise a user's system.

The vulnerability is caused due to an error in the processing of the "createTextRange()" method call applied on a radio button control. This can be exploited by e.g. a malicious web site to corrupt memory in a way, which allows the program flow to be redirected to the heap.

Successful exploitation allows execution of arbitrary code.

The vulnerability has been confirmed on a fully patched system with Internet Explorer 6.0 and Microsoft Windows XP SP2. The vulnerability has also been confirmed in Internet Explorer 7 Beta 2 Preview. Other versions may also be affected.

Independently discovered and reported on public mailing lists by Stelian Ene.

New "zero-day" sites increasingly rapidly.

As reported we are actively researching the newest IE zero-day exploits that are surfacing (s: http://www.websenses...hp?AlertID=449). To date we have discovered nearly 100 unique URL's that are all attempting to run malicious code on the users machine without user-intervention.

One interesting aspect we are researching is the number of machines that appear to have been compromised here. The sheer percentage of sites that are compromised versus owned by the attacker is higher than usual. In particular we have noticed several travel related websites that are hosted on different networks.

Although we have not discovered which one, we believe that there is a potential that a web server exploit is being used in combination with the IE exploit to get code on the servers and then on the clients. In recent weeks we have also seen increases on our honeypots for several bulleting board programs (most notably PHPBB).

Here's what we know. The attacks are limited in scope for now and are being carried out by malicious Web sites exploiting a vulnerability in the method by which Internet Explorer handles HTML rendering. To be clear, and as our advisory states, the vulnerability affects currently supported versions of Windows 2000, Windows XP and Windows Server 2003.

Firefox 1.5.0.2 Security and Stability Update

As part of Mozilla Corporation’s ongoing stability and security update process, Firefox 1.5.0.2 is now available for Windows, Mac, and Linux for free download from getfirefox.com. We strongly recommend that all users upgrade to this latest release. This update is available immediately in 37 languages including German, French, Spanish, Japanese, Simplified and Traditional […]

Firefox 1.0.8 Security and Stability Release and End-of-Life for 1.0.x

Firefox 1.0.8 includes fixes for security and stability issues. This release marks the end-of-life of the 1.0.x product line. See the Firefox 1.0.x Product Sunset Announcement.
Mozilla Corporation strongly recommends that all Firefox 1.0 users upgrade to Firefox 1.5 available for Windows, Mac, and Linux for free download from getfirefox.com. This update is available immediately […]

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

CnsMin Object Recognized!
    Type               : Regkey
    Data               :
    TAC Rating         : 8
    Category           : Data Miner
    Comment            :
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\microsoft\internet explorer\extensions\{e5d12c4e-7b4f-11d3-b5c9-0050045c3c96}

CnsMin Object Recognized!
    Type               : RegValue
    Data               :
    TAC Rating         : 8
    Category           : Data Miner
    Comment            :
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\microsoft\internet explorer\extensions\{e5d12c4e-7b4f-11d3-b5c9-0050045c3c96}
    Value              : clsid

CnsMin Object Recognized!
    Type               : RegValue
    Data               :
    TAC Rating         : 8
    Category           : Data Miner
    Comment            :
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\microsoft\internet explorer\extensions\{e5d12c4e-7b4f-11d3-b5c9-0050045c3c96}
    Value              : MenuText

CnsMin Object Recognized!
    Type               : RegValue
    Data               :
    TAC Rating         : 8
    Category           : Data Miner
    Comment            :
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\microsoft\internet explorer\extensions\{e5d12c4e-7b4f-11d3-b5c9-0050045c3c96}
    Value              : Default Visible

CnsMin Object Recognized!
    Type               : RegValue
    Data               :
    TAC Rating         : 8
    Category           : Data Miner
    Comment            :
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\microsoft\internet explorer\extensions\{e5d12c4e-7b4f-11d3-b5c9-0050045c3c96}
    Value              : Exec

CnsMin Object Recognized!
    Type               : RegValue
    Data               :
    TAC Rating         : 8
    Category           : Data Miner
    Comment            :
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\microsoft\internet explorer\extensions\{e5d12c4e-7b4f-11d3-b5c9-0050045c3c96}
    Value              : Icon

CnsMin Object Recognized!
    Type               : RegValue
    Data               :
    TAC Rating         : 8
    Category           : Data Miner
    Comment            :
    Rootkey            : HKEY_LOCAL_MACHINE
    Object             : software\microsoft\internet explorer\extensions\{e5d12c4e-7b4f-11d3-b5c9-0050045c3c96}
    Value              : HotIcon

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 7
Objects found so far: 7